[2025-12-10 09:33:18.245] [DEBUG] [tid:134145839584960] (main_gbm.cpp:334) 启动 gbm预测及训练! [2025-12-10 09:33:18.247] [ERROR] [tid:134145839584960] (KafkaConsumer.cpp:173) Created consumer rdkafka#consumer-2 [2025-12-10 09:33:18.247] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:453) subscribe successed: Success [2025-12-10 09:33:43.170] [ERROR] [tid:134145839584960] (KafkaConsumer.cpp:89) RebalanceCb: Local: Assign partitions: [2025-12-10 09:33:43.170] [ERROR] [tid:134145839584960] (KafkaConsumer.cpp:79) analyzed_queue_gbm[0], [2025-12-10 09:33:43.170] [ERROR] [tid:134145839584960] (KafkaConsumer.cpp:79) analyzed_queue_gbm[1], [2025-12-10 09:33:43.170] [ERROR] [tid:134145839584960] (KafkaConsumer.cpp:79) analyzed_queue_gbm[2], [2025-12-10 09:36:49.952] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25488 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl?X-Amz-Signature=a3f65bf21ea05e73766cdd71b6c3cbf9049720f4070e4b1eac147edbf0d97f90&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013649Z"} [2025-12-10 09:36:49.952] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:36:49.952] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:36:51.093] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:36:51.093] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:36:51.093] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function 
load [2025-12-10 09:36:51.093] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:36:51.100] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_60210_239-255-255-250_1900.1726193426.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330611094, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:36:51.100] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:36:51.100] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:36:53.054] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24387 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl?X-Amz-Signature=c1c76b37dc1bf94a1ab274d5aee894b921d35302eb2d2b8ae8a98d1e4c5178cc&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013652Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:36:53.054] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:36:53.054] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:36:53.055] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:36:53.055] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:36:53.055] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:36:53.055] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:36:53.062] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54772_239-255-255-250_1900.1725956199.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330613055, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:36:53.062] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:36:53.062] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:36:56.154] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25489 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl?X-Amz-Signature=d4e483ccd571ed9655ccb809360416cab9f31f3e6d553558bd04fbe64917ac26&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013655Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:36:56.155] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:36:56.155] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:36:56.155] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:36:56.155] [INFO] [tid:134145839584960] (AiModule.cpp:140) 
get function load [2025-12-10 09:36:56.155] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:36:56.156] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:36:56.167] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-1_54773_239-255-255-250_1900.1725956199.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330616156, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:36:56.167] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:36:56.167] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:36:59.256] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24388 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ca9466ca22fabe39fd02bd606fb2ff2c5a87b2facceac6200a43811ca60f7383&X-Amz-Date=20251210T013658Z"} [2025-12-10 09:36:59.256] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:36:59.256] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:36:59.257] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 
09:36:59.257] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:36:59.257] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:36:59.258] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:36:59.269] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_52001_239-255-255-250_1900.1726192246.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330619258, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:36:59.269] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:36:59.269] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:02.359] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25146 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl?X-Amz-Date=20251210T013701Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b60dc5d3cfa1f3f95b1f0efd84214c97a1122d34d93b080cd1cff40f5eb25db0"} [2025-12-10 09:37:02.359] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:02.359] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:02.359] [INFO] [tid:134145839584960] (AiModule.cpp:131) 
load so module so_code_gbm [2025-12-10 09:37:02.359] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:02.359] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:02.360] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:02.371] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_51595_239-255-255-250_1900.1726192066.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330622360, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:02.371] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:37:02.371] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:05.461] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24389 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013704Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3d56b8de4c02bf5ed02d7dc729eb4297c0ed7e6064eb6f3f02f3d7a54eb24717"} [2025-12-10 09:37:05.461] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:05.461] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 
09:37:05.461] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:05.461] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:05.461] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:05.462] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:05.716] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_37985_192-168-17-132_443.1726129728.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765330625462, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:05.716] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:37:05.716] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:08.563] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25490 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013708Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9c2963d82e85c4c1a2308e3bb17ddf0a8609f111a2de73f834417f27e8bf2fe0"} [2025-12-10 09:37:08.563] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:08.563] [INFO] [tid:134145839584960] 
(AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:08.564] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:08.564] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:08.564] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:08.564] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:08.752] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37301_192-168-17-132_443.1726129614.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765330628564, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:08.752] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:37:08.752] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:11.665] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24390 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl?X-Amz-Signature=4bdbc73973166b771e0f8a5ea200409930170b0fe83ac313f28c4045f9c1cb97&X-Amz-Date=20251210T013711Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:37:11.665] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 
[2025-12-10 09:37:11.665] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:11.665] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:11.665] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:11.665] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:11.666] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:11.855] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36634_192-168-17-132_443.1726129504.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765330631666, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:11.855] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:37:11.855] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:14.767] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25147 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013714Z&X-Amz-SignedHeaders=host&X-Amz-Signature=26ad89513945ef90ce5cbfc79643f35868dc9edf54b2c8cf4166854ac6ed67ff&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:37:14.767] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:14.767] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:14.767] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:14.767] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:14.767] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:14.768] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:14.960] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35946_192-168-17-132_443.1726129385.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765330634768, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:14.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:37:14.960] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:17.868] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25491 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl?X-Amz-Date=20251210T013717Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=700cabba1e1ac94a217fe4015603dc2c5440a5767bb902786142f078d0d8dd21&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:17.869] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:17.870] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:18.064] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58744_192-168-17-132_443.1726121361.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765330637870, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:18.064] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:37:18.064] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:20.970] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message 
in-> topic:analyzed_queue_gbm partition:[0] at offset 25492 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013720Z&X-Amz-Signature=4389afff7afc6e7ce132c68efa2fe33a0c49d3ae2edbb1e049a99a3980cca975&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:37:20.970] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:20.970] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:20.970] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:20.970] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:20.970] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:20.971] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:21.164] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_185-125-190-98_80_192-168-112-135_55098.1726130543.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330640971, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "protocol": 6, "src_port": 55098, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 
09:37:21.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:21.164] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:21.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:21.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:37:24.071] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24391 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013723Z&X-Amz-Signature=dfb0500289ea2ec1d654845747e3587fb7db330a7c6ac33559c44215d402d037&X-Amz-SignedHeaders=host"} [2025-12-10 09:37:24.071] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:24.072] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:24.072] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:24.072] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:24.072] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:24.072] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:24.276] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_185-125-190-98_80_192-168-112-135_40916.1726129588.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330644072, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "protocol": 6, "src_port": 40916, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:37:24.276] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:24.276] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:24.276] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:24.276] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:37:27.173] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24392 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T013726Z&X-Amz-Signature=7d0a81ba16f97d482396063936a16f6a67c65fce222a8d4cd5010ac2051ba2e9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:37:27.173] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:27.173] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:27.174] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:27.174] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:27.174] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:27.174] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:27.180] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.UDP_192-168-17-2_137_192-168-17-132_137.1726129240.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330647174, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:27.180] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:37:27.180] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:30.274] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25148 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl?X-Amz-Date=20251210T013729Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b78d23ac6710896df5e8187cf353f7a61b9dcd299d2b3a9cbc27a7b239d19e20&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:37:30.274] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:30.274] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:30.274] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:30.274] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:30.274] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:30.275] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:30.283] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192478.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330650275, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:30.283] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm 
alert_count: 0|max_alert: 1000 [2025-12-10 09:37:30.283] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:33.376] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25493 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=33bfa49f2c4894b3bf3e4679b98b1488c1ddd833308c03a161bc5cbd9cbc7a97&X-Amz-Date=20251210T013732Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:33.376] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:33.376] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:33.376] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:33.376] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:33.376] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:33.377] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:33.618] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44876.1726132156.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330653377, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": 
"192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44876, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:37:33.618] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:33.618] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:33.618] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:33.618] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:37:36.478] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25149 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1248f46a26199d7021315b8e6c7bfb1b1de18fd487a6227f3e7a076d24abb2fc&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013735Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:36.478] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:36.478] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:36.478] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:36.478] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:36.478] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function 
load [2025-12-10 09:37:36.479] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:36.704] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53322.1726132238.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330656479, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53322, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:37:36.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:36.704] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:36.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:36.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:37:39.579] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24393 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b40f65dedf5ad86081dd063dbcfc120980a5a7d9f491731944e2458481e0b293&X-Amz-Date=20251210T013739Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:37:39.579] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:39.579] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:39.579] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:39.580] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:39.580] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:39.580] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:39.586] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192478.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330659580, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:39.586] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:37:39.586] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:42.681] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24394 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=f82102c8f59bc18aad00092611538c51065fb5476d3e72bd65f6d95d7aca6514&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013742Z"} [2025-12-10 09:37:42.681] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:42.681] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:42.681] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:42.681] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:42.681] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:42.682] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:42.693] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.UDP_fe80--e81c-5aaa-584f-f6fb_546_ff02--1-2_547.1726121355.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330662682, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:37:42.693] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 
0|max_alert: 1000 [2025-12-10 09:37:42.693] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:45.781] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25494 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl?X-Amz-Date=20251210T013745Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=b836200bbd7cf1f0527a84873ab8a978b64c730c141ac21e22ad9a71af0d1e92&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:45.781] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:45.781] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:45.782] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:45.782] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:45.782] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:45.783] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:46.019] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44900.1726132198.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330665783, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", 
"dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44900, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:37:46.019] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:46.019] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:46.019] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:46.019] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:37:48.883] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25495 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl?X-Amz-Signature=b541ad0e4e06d74f35360483fe7600a8c9ed831139a61483ab7d4f1f7791edfd&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013748Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:48.883] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:48.883] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:48.883] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:48.883] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:48.883] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 
09:37:48.884] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:49.071] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38764.1726130487.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330668884, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 38764, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:37:49.071] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:49.071] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:49.071] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:49.071] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:37:51.984] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25496 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl?X-Amz-Date=20251210T013751Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f8f087b6ad6666b35e811787e72ddc3ac70f592010dfdb352b32001aab2f058a&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:51.985] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:51.985] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:51.985] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:51.985] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:51.985] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:51.986] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:52.178] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47816.1726130530.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330671986, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47816, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:37:52.178] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:52.178] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:52.178] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:52.178] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:37:55.086] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25150 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013754Z&X-Amz-Signature=49a919613ff5c3c6edc6facf61385aadf7c5ed66ef39f3df8888bff6b811cc55&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:37:55.086] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:55.086] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:55.087] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:55.087] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:55.087] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:55.087] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:55.278] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36538.1726130578.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330675087, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36538, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:37:55.278] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:55.278] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:55.278] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:55.278] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:37:58.187] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24395 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013757Z&X-Amz-Expires=604800&X-Amz-Signature=a990e3344e749ee89b59495b11ba72401b626e62ba29c4924ee888c128e26b4f&X-Amz-SignedHeaders=host"} [2025-12-10 09:37:58.187] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:37:58.187] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:37:58.188] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:37:58.188] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:37:58.188] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:37:58.188] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:37:58.380] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34308.1726129515.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330678188, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34308, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:37:58.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:37:58.380] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:37:58.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:37:58.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:38:01.289] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25151 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=bc9ff782b8a2c0d74f0c6dbb5ab876fc3af2b777f15fa507e8da562eedd01679&X-Amz-Expires=604800&X-Amz-Date=20251210T013800Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:38:01.289] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:01.289] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:01.290] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:01.290] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:01.290] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:01.290] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:01.491] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52090.1726129584.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330681290, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52090, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:38:01.491] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:38:01.491] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:01.491] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:38:01.491] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:38:04.391] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25152 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl?X-Amz-Signature=07a244134f55491f56a56e0a4fd1f4726806b1ba943a7eb5b589f2eefa319890&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T013803Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:38:04.391] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:04.391] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:04.392] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:04.392] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:04.392] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:04.392] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:04.600] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35708.1726129632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330684392, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35708, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:38:04.600] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:38:04.600] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:04.600] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:38:04.600] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:38:07.491] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24396 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl?X-Amz-Signature=b5dcd57a19a7d7a308e7ce3e582bf59fa2911133fca1b68cc3fb3e8a09d8cb73&X-Amz-Date=20251210T013806Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:38:07.492] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:07.492] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:07.492] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:07.492] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:07.492] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:07.492] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:07.693] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49233.1727232101.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330687492, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49233, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:38:07.693] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:38:07.693] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:07.693] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:38:07.693] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:38:10.594] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25153 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=393b5494e765e20939fdcc3e4c261cfaf0d80d71faf6357d2cc6fad165574ade&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013810Z"} [2025-12-10 09:38:10.594] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:10.594] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:10.594] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:10.595] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:10.595] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:10.595] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:10.794] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50122.1726212710.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330690596, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50122, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:38:10.794] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:38:10.794] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:10.794] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:38:10.794] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:38:13.695] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24397 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013813Z&X-Amz-Expires=604800&X-Amz-Signature=e2b696c2a6e10428acb66728d422df78d2f3793303bf15f122df09bab3497c2e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:38:13.695] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:13.695] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:13.695] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:13.695] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:13.695] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:13.696] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:13.923] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49196.1727231967.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330693696, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49196, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:38:13.923] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:38:13.923] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:13.923] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:38:13.924] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:38:16.796] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25497 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013816Z&X-Amz-Signature=6cba8f493068e9289bd0fe0186ce368fbfe0d10a7c29bc1ed303dd198f9b653d"} [2025-12-10 09:38:16.796] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:16.796] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:16.796] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:16.796] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:16.796] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:16.797] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:16.995] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42202_192-168-163-23_443.1726208536.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330696797, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42202, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:38:16.995] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:38:16.995] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:16.995] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:38:16.995] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:38:19.897] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25154 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=67cd167a951574cf09a82a47a5c0b2e51d5a239b3bf8937b40dc2c86c3811719&X-Amz-Date=20251210T013819Z"} [2025-12-10 09:38:19.897] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:19.897] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:19.898] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:19.898] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:19.898] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:19.899] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:20.094] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47642.1726130399.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330699899, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47642, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:38:20.094] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:38:20.094] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:20.094] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:38:20.094] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:38:22.998] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25155 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl?X-Amz-Date=20251210T013822Z&X-Amz-Expires=604800&X-Amz-Signature=c172b8291ab2e52092404c313a6b312f91142ee09901e72e6924979b6acb965a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:38:22.998] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:22.998] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:22.998] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:22.998] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:22.998] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:22.999] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:23.191] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43315.1726308782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330702999, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43315, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:38:23.191] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:38:23.191] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:23.191] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:38:23.191] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:38:26.099] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25156 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d3b0a0476d83f70dfaba5b9bf04a617b09fbc002998a2283f450be9c4d58b882&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013825Z"} [2025-12-10 09:38:26.099] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:26.099] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:26.099] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:26.099] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:26.099] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:26.100] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:26.107] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_36168.1726192308.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330706100, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:26.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:26.108] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:29.200] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25157 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013828Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=28a0db96f8e16eab3115220778e11a5b0423f5a3ee1da70f4ef372fd66e038d3"} [2025-12-10 09:38:29.200] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:29.200] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:29.200] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:29.200] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:29.201] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:29.201] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:29.213] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_57739.1726192309.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330709202, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:29.213] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:29.213] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:32.302] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24398 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=83c9ff9d3d8c8893cfedd75ec4f17239a872930ca1fce2d798a9b9cfa5ae7eef&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013831Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:38:32.302] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:32.302] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:32.302] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:32.302] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:32.302] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:32.303] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 
[2025-12-10 09:38:32.314] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_36839.1726192280.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330712303, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:32.314] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:32.314] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:35.403] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24399 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl?X-Amz-Signature=4a9d403f87d9e4a41a07a57b8c6040798015326865c4d56c7a24c8146a7f2161&X-Amz-Date=20251210T013834Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:38:35.403] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:35.403] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:35.403] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:35.403] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:35.403] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:35.404] [INFO] 
[tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:35.415] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43683.1725956188.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330715405, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:35.415] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:35.416] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:38.505] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25498 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a703b24c891e4bb242a11fc88a8b4d189665272db289096fdc2bbb4d06a78f74&X-Amz-Date=20251210T013838Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:38:38.505] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:38.505] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:38.505] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:38.505] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:38.505] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for 
function load [2025-12-10 09:38:38.506] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:38.517] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_56848.1725956188.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330718507, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:38.517] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:38.517] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:41.608] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24400 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=7bed4c61b70e18c32dd334165761ff8134428975aa0e39f723a1cb472264191e&X-Amz-Date=20251210T013841Z"} [2025-12-10 09:38:41.608] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:41.608] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:41.608] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:41.608] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:41.608] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:41.609] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:41.621] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54524.1726192241.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330721609, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:41.621] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:41.621] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:44.709] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24401 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=97167ed9ec4210169f824eb29ce4513029c495e7ca92088ae40a0cec366fc5ac&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013844Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:38:44.709] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:44.709] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:44.709] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:44.709] [INFO] [tid:134145839584960] (AiModule.cpp:140) get 
function load [2025-12-10 09:38:44.709] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:44.710] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:44.722] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_58070.1726192241.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330724710, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:44.722] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:44.722] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:47.811] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24402 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl?X-Amz-Expires=604800&X-Amz-Signature=568b5b268e743d6ff4a537074f8353f99fa18b617bfd345d369c2ab84711c81f&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013847Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:38:47.811] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:47.811] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:47.811] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:47.811] [INFO] 
[tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:47.811] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:47.812] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:47.824] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38634.1726042297.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330727813, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:47.824] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:47.825] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:50.912] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25158 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013850Z&X-Amz-Signature=c24d52d4167f522decd79d05b10e71c7f7b25acb88a94167567b1e35807b47a5&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:38:50.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:50.912] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:50.912] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm 
[2025-12-10 09:38:50.912] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:50.912] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:50.912] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:50.919] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_43725.1726042297.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330730912, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:50.919] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:50.919] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:54.013] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25159 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl?X-Amz-Date=20251210T013853Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d3bc09f0d38285eb8bce7df8119cf8fa31ef1eec226be566b435e3be1ba14f6d"} [2025-12-10 09:38:54.013] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:54.013] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:54.014] [INFO] [tid:134145839584960] (AiModule.cpp:131) 
load so module so_code_gbm [2025-12-10 09:38:54.014] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:54.014] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:54.014] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:54.026] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_45267.1726192105.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330734015, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:54.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:54.026] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:38:57.115] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25499 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=73aa2d308d7d7283edc8be90c2cb858a6e0a8d4397c38c4b074de96efa4b5d75&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013856Z"} [2025-12-10 09:38:57.115] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:38:57.115] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:38:57.115] [INFO] 
[tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:38:57.115] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:38:57.115] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:38:57.116] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:38:57.127] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_52385.1726192105.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330737116, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:38:57.127] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:38:57.127] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:00.217] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25160 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013859Z&X-Amz-Signature=d268d13695e634049eb3672bf00f1d14e5b6f4bee5c358d7d7a5fb2cff3795e4&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:39:00.217] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:00.217] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib 
[2025-12-10 09:39:00.217] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:00.217] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:00.217] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:00.218] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:00.229] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_34303.1726192068.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330740218, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:00.229] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:00.229] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:03.319] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25500 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=732b9abba79e251e3b26d9fdb73bb6d512f645254538d2eee37f04289cb5bf99&X-Amz-Date=20251210T013902Z"} [2025-12-10 09:39:03.319] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:03.319] [INFO] [tid:134145839584960] (AiModule.cpp:129) 
load so_code_gbm.so lib [2025-12-10 09:39:03.319] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:03.319] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:03.319] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:03.320] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:03.332] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60066.1726192068.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330743321, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:03.332] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:03.332] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:06.421] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25501 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=1f99d10ce4dd11397c296a94d5855a5e54707aee51aee954a57b281be62105f7&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013905Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:39:06.421] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:06.421] [INFO] 
[tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:06.421] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:06.421] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:06.421] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:06.422] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:06.434] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_41939.1726042454.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330746423, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:06.434] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:06.434] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:09.522] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24403 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl?X-Amz-Signature=141329396116baac85c508ba2ffa89f6d7b37879cd8349aa2780955eb568520d&X-Amz-Date=20251210T013909Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:39:09.522] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 
[2025-12-10 09:39:09.522] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:09.522] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:09.522] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:09.522] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:09.523] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:09.535] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.UDP_192-168-52-2_53_192-168-52-129_55735.1726042454.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330749523, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:09.535] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:09.535] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:12.623] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25502 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013912Z&X-Amz-Signature=5b0735720090c409c9e3bab7ae36b80994a001c0a6e4939d75baca5e74185bb2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:39:12.623] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:12.623] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:12.624] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:12.624] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:12.624] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:12.625] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:12.636] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_37527.1726042424.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330752625, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:12.636] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:12.636] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:15.725] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24404 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ac3f4654db7cb8f7fed9955e5ff7e06858d8c26509ad6ba1306fc8b3679052a6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013915Z"} [2025-12-10 09:39:15.725] 
[INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:15.725] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:15.725] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:15.725] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:15.725] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:15.726] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:15.737] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.UDP_192-168-52-2_53_192-168-52-129_60160.1726042424.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330755726, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:15.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:15.738] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:18.827] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25161 key: NULL payload: 
{"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl?X-Amz-Signature=b4ff4b30431d55e1ebb8ba6370c24f903a3bce4e6d502d73031b2f24bbdca69d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T013918Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:39:18.827] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:18.827] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:18.828] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:18.828] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:18.828] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:18.829] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:18.840] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_53411.1725954694.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330758829, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:18.840] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:18.840] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:21.929] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm 
partition:[0] at offset 25503 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013921Z&X-Amz-Signature=1d5b8b6d43f2e9ab1d432e0640559bfcfb85dbadd354ae05513f424dab1bfab0&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:39:21.929] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:21.929] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:21.929] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:21.929] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:21.929] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:21.930] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:21.941] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_57957.1725954694.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330761931, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:21.941] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:21.941] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:25.030] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) 
Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25162 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T013924Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=73241dae69c8578861683d6ffc7fdce67b04e720f0f910554325f0fea7492d48&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:39:25.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:25.031] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:25.031] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:25.031] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:25.031] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:25.032] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:25.043] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_42613.1726192027.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330765032, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:25.043] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:25.043] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:28.132] [DEBUG] 
[tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25504 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f5e3f8e733e27b9017cd7b6d90300f45abf93cc032b775060ada52a670a1bdb6&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T013927Z"} [2025-12-10 09:39:28.132] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:28.132] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:28.132] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:28.132] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:28.132] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:28.133] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:28.144] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_55400.1726192027.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330768133, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:28.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:28.144] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib 
[2025-12-10 09:39:31.234] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25505 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T013930Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=42f508dd6117d86a0d7d6b8b424b2373b418cd250c1996d668506bf980da037a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:39:31.234] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:31.234] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:31.234] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:31.234] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:31.234] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:31.235] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:31.473] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21041_192-168-52-129_443.1725955218.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330771235, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.129", "dest_ip": "192.168.52.1", "protocol": 6, "src_port": 443, "dest_port": 21041, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:31.473] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:31.473] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:31.473] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:31.473] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:39:34.335] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25163 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T013933Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=19282321e75abf2f912b7e5ee1eb1176a0572bd487a34e9b7d28eba1c2ad4b39&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:39:34.335] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:34.335] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:34.335] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:34.335] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:34.335] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:34.336] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:34.343] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_65094_239-255-255-250_1900.1726192252.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330774336, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:39:34.343] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:39:34.343] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:37.436] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25506 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl?X-Amz-Date=20251210T013936Z&X-Amz-Signature=2e105514bc98b801cf9623f9fb44fc01e49e9e31d9060ad25270f9dd07bde182&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:39:37.436] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:37.436] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:37.436] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:37.437] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:37.437] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:37.438] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 09:39:37.630] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49264.1726045047.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330777438, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49264, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:37.630] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:37.630] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:37.630] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:37.630] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:39:40.537] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25164 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=45373ec656b3ef8ffe9979577a98f4e68fc56c3d3e8d2b31cf8a0e977a2681ef&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T013940Z"} [2025-12-10 09:39:40.537] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:40.537] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:40.537] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:40.537] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:40.537] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:40.538] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:40.712] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49235.1726043314.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330780538, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49235, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:40.713] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:40.713] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:40.713] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:40.713] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:39:43.639] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25165 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ac36c4419f6802bd48e230fb84a6f7e34f6f09f110139c01308ca294bb4d00e9&X-Amz-Date=20251210T013943Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:39:43.639] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:43.639] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:43.639] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:43.639] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:43.639] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:43.640] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:43.830] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49217.1726040470.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330783640, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49217, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:43.830] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:43.830] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:43.830] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:43.830] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:39:46.739] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25166 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=730e886a615fe1b4dfb929c137579a94de0cb51f63c37cc0728c59cb095aefab&X-Amz-Date=20251210T013946Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:39:46.739] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:46.739] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:46.740] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:46.740] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:46.740] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:46.740] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:46.931] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49204.1726039121.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330786740, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49204, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:46.932] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:46.932] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:46.932] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:46.932] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:39:49.841] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25507 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl?X-Amz-Date=20251210T013949Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=4eade0be20fd8b4c217ef9a0ee6d6572216df46994a6e46fabcd2224d5de259a"} [2025-12-10 09:39:49.841] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:49.841] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:49.841] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:49.841] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:49.842] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:49.842] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:50.035] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49259.1726044658.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330789843, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49259, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:50.035] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:50.035] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:50.035] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:50.035] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:39:52.942] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24405 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5851201e6d0f204286e6cb6d6ecd1ca596b54250912759e566b32e93757cbf65&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013952Z"} [2025-12-10 09:39:52.942] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:52.942] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:52.943] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:52.943] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:52.943] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:52.943] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:53.181] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49263.1726045043.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330792943, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49263, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:53.181] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:53.181] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:53.181] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:53.181] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:39:56.044] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24406 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T013955Z&X-Amz-Signature=b1c86ebde446a9edad0158814f09c264ee5fff49466a040a1d25b89869c1d917&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:39:56.044] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:56.044] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:56.044] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:56.044] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:56.044] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:56.044] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:56.235] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49234.1726043311.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330796044, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49234, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:56.235] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:56.235] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:56.235] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:56.235] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:39:59.146] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25167 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl?X-Amz-Date=20251210T013958Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ab3c1c47574efc5b2964bc943113c74d464c32e18d8c25f058df3354775518b6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:39:59.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:39:59.146] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:39:59.146] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:39:59.146] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:39:59.146] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:39:59.147] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:39:59.343] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.1726129146.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330799147, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56136, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7120939475867335, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:39:59.343] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:39:59.343] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:39:59.343] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:39:59.343] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:40:02.248] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25168 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014001Z&X-Amz-SignedHeaders=host&X-Amz-Signature=884973f4b0e10f58719bc1f7d6a74068d5122a4c8f39e5297842603e1c5da93f&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:40:02.248] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:02.248] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:02.248] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:02.248] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:02.248] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:02.249] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:02.255] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-129_68_192-168-52-254_67.1726192250.jsonl|result:{"code": 
0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330802249, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:02.255] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:02.255] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:05.349] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24407 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014004Z&X-Amz-SignedHeaders=host&X-Amz-Signature=1c5f1fdcdd27a6c8937fffba9f43c5579981edacb7cdc7bc948c5a3539cdb75e"} [2025-12-10 09:40:05.349] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:05.349] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:05.349] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:05.349] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:05.349] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:05.350] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:05.361] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_0-0-0-0_68_255-255-255-255_67.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330805350, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:05.361] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:05.361] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:08.450] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24408 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014007Z&X-Amz-Signature=ff7fb4e962171d1b2b9be9454acd0110d748017afe28bb37c6ad5574eb4ecc94&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:40:08.451] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:08.451] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:08.451] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:08.451] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:08.451] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:08.452] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:08.463] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193428.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330808452, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:08.463] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:08.463] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:11.553] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25169 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=d6f0e78a192a7d58e0b2f03b7103722753a480f7d8847a646b91c432a5a2b447&X-Amz-Date=20251210T014011Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:40:11.553] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:11.553] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:11.553] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:11.553] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:11.553] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:11.554] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 
[2025-12-10 09:40:11.565] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193404.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330811554, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:11.565] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:11.565] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:14.654] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25508 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=362c479b36944e30017c2f70ce81f17c63923bf06d30815b6d12d8c78f06d55e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014014Z"} [2025-12-10 09:40:14.654] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:14.654] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:14.654] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:14.654] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:14.654] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:14.654] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 09:40:14.660] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726018271.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330814654, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:14.660] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:14.660] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:17.756] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25170 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl?X-Amz-Signature=53c5e2921e92b54ffa5a0e9e99341120df914d1e6e165d3ff09bab25f3e31abc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014017Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:40:17.756] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:17.756] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:17.756] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:17.756] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:17.756] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load 
[2025-12-10 09:40:17.757] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:17.769] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726193257.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330817758, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:17.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:17.769] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:20.858] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25509 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl?X-Amz-Signature=15fcf6d6f16eac9f14589adb34599cc1457f013f43346ed035bc27bf14d6f69a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014020Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:20.858] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:20.858] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:20.858] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:20.858] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:20.858] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:20.859] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:20.871] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041739.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330820859, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:20.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:20.871] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:23.959] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24409 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=f2dcdd1fc76d1abcf8b70e9c8f36672315db3c67a5eefe7d150b61dab604be2f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014023Z"} [2025-12-10 09:40:23.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:23.960] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:23.960] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:23.960] [INFO] [tid:134145839584960] 
(AiModule.cpp:140) get function load [2025-12-10 09:40:23.960] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:23.961] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:23.972] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192509.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330823961, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:23.972] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:23.972] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:27.061] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25171 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014026Z&X-Amz-Signature=1257c4b1c97bc23b7fdccf304a60bb2e8a8a13b211d4226ed77cd65d3f6a9d77&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:27.061] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:27.061] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:27.062] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm 
[2025-12-10 09:40:27.062] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:27.062] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:27.063] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:27.074] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041863.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330827063, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:27.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:27.074] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:30.163] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24410 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8daf18dec3ed52f0f52c46509683f372c830d726557fa857b79baab78ad66cf6&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014029Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:30.163] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:30.163] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:30.163] [INFO] 
[tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:30.163] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:30.163] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:30.164] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:30.176] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042777.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330830164, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:30.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:30.176] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:33.265] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25510 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl?X-Amz-Date=20251210T014032Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=ffc4986c88da70e4cd606e14acd38e36b3c16d2a5f726b93a2f54d8ec7ceccb5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:40:33.265] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:33.265] [INFO] [tid:134145839584960] (AiModule.cpp:129) 
load so_code_gbm.so lib [2025-12-10 09:40:33.265] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:33.265] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:33.265] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:33.266] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:33.277] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726041838.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330833267, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:33.277] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:33.277] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:36.366] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25511 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e99310ba483ff91523bb2fcc15c09b0142a125acc74f08a63b37997ccc00a32f&X-Amz-Date=20251210T014035Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:36.366] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:36.366] [INFO] 
[tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:36.366] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:36.366] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:36.366] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:36.367] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:36.378] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192278.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330836367, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:36.378] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:36.378] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:39.467] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25172 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl?X-Amz-Date=20251210T014038Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=11b26bb009736ed980cc744b246da53caef718a7829f9becfc972031d7276d63"} [2025-12-10 09:40:39.467] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 
[2025-12-10 09:40:39.467] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:39.467] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:39.467] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:39.467] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:39.468] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:39.473] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330839468, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:39.473] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:39.473] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:42.569] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25173 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f048d61227cd837cd0675848fa49907bf05611bf9af5e97e1f70c7d8d549168f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014042Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:40:42.569] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:42.569] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:42.569] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:42.569] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:42.569] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:42.570] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:42.575] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726192066.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330842570, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:42.575] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:42.575] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:45.671] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25174 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ce08d8282b147bee699ec8844f5d2945d9e7348461efa70d7d4737ae600b48f1&X-Amz-Expires=604800&X-Amz-Date=20251210T014045Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:45.672] 
[INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:45.672] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:45.672] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:45.672] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:45.672] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:45.673] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:45.909] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11584_192-168-52-129_443.1726018234.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330845673, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11584, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:40:45.910] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:40:45.910] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:45.910] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:40:45.910] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:40:48.773] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25512 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014048Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=472e63c0d42b18b7efcc4032b12d555515624b2489cfdd9ddb0c02182063d48f&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:40:48.773] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:48.773] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:48.773] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:48.773] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:48.773] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:48.774] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:48.963] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254863.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330848774, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "protocol": 6, "src_port": 20846, "dest_port": 54340, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:40:48.963] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:40:48.963] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:48.963] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:40:48.963] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:40:51.875] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24411 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014051Z&X-Amz-Signature=fe084b1c8444f98da864c6dd45ec75e9cabe3c81c5a6e99b0021b903e119800d&X-Amz-Expires=604800"} [2025-12-10 09:40:51.875] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:51.875] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:51.875] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:51.875] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:51.875] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:51.876] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:51.881] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_54435.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330851876, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:51.881] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:51.881] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:54.975] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25513 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl?X-Amz-Date=20251210T014054Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f590792acc31489d5108325f128725378ba8ec3ebab6cfee8c97210176e2bcb9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:40:54.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:54.975] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:54.976] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:54.976] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:54.976] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:54.977] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:40:54.988] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-2_53_192-168-52-129_38760.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330854977, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:54.988] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:54.988] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:40:58.077] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24412 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl?X-Amz-Signature=48957a3222f62d8f4ed92cb6323a7a67b6dab2afdfbee74ad7f69a43f253c60b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014057Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:40:58.077] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:40:58.077] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:40:58.078] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:40:58.078] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:40:58.078] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:40:58.079] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 09:40:58.090] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042646.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330858079, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:40:58.090] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:40:58.090] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:01.179] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24413 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014100Z&X-Amz-Expires=604800&X-Amz-Signature=9c97a215306394c921eeffd3af7bb15dc942090c5846dd112058387c44863905"} [2025-12-10 09:41:01.179] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:01.179] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:01.179] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:01.179] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:01.179] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load 
[2025-12-10 09:41:01.180] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:01.422] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11473_192-168-52-129_38483.1726192244.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330861181, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11473, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:01.423] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:01.423] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:01.423] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:01.423] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:41:04.280] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25175 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014103Z&X-Amz-Signature=f0ba4e54ce8d4b3776e4345224054dfdcb037ed41d05e9e285caf31fda49afba"} [2025-12-10 09:41:04.281] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:04.281] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:04.281] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:04.281] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:04.281] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:04.281] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:04.289] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_91-189-91-157_123_192-168-52-129_51324.1726192250.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330864281, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:04.289] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:41:04.289] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:07.382] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25176 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e23aef86524a88feae4eb30423ed5626b77c8f194b8364588c64de9c1cee1fe8&X-Amz-Date=20251210T014106Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:41:07.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:07.383] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:07.383] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:07.383] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:07.383] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:07.384] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:07.395] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_54490_239-255-255-250_1900.1726192244.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330867384, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:07.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:41:07.395] 
[DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:10.484] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25514 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl?X-Amz-Signature=afbc2cbd611f5d4d6b99359cbbf4bb538825f931c0a4c215750dabdcbff974be&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014109Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:41:10.484] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:10.484] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:10.484] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:10.484] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:10.484] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:10.485] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:10.729] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13283_192-168-52-129_38483.1726193408.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330870486, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13283, "dest_port": 
38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:10.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:10.729] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:10.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:10.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:41:13.585] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25177 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014113Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ae7028e678129b3db65cb66a45c77919756eee04e58aa78fbab35c7e0cdb8c68&X-Amz-Expires=604800"} [2025-12-10 09:41:13.585] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:13.585] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:13.586] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:13.586] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:13.586] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:13.586] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
09:41:13.776] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018581.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330873586, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12200, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:13.776] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:13.776] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:13.776] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:13.776] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:41:16.685] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25515 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014116Z&X-Amz-Signature=707eaf9220996e3b53dc198ec1428c12b3c40c34d3281e3ba839fc84374fff8d&X-Amz-Expires=604800"} [2025-12-10 09:41:16.686] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:16.686] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:16.686] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:16.686] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:16.686] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:16.686] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:16.837] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12200_192-168-52-129_38483.1726018536.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330876686, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12200, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:16.837] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:16.837] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:16.837] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:16.837] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:41:19.787] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25516 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=a8da4e1a95d00e7e14f1853bc41ff436e85d867012850d0bb9756099d3599630&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014119Z"} [2025-12-10 09:41:19.787] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:19.787] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:19.788] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:19.788] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:19.788] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:19.789] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:19.953] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11853_192-168-52-129_38483.1726192481.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330879789, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11853, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:19.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:19.953] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:19.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:19.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:41:22.889] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25517 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl?X-Amz-Signature=4fdc6afa0a576fda8357ac638045a099a343f5d8a74ac021bdd04112e11e69cc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014122Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:41:22.889] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:22.889] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:22.889] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:22.889] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:22.889] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:22.890] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:23.128] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42674_192-168-52-129_38483.1726042673.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330882890, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42674, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:23.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:23.128] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:23.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:23.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:41:25.991] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25518 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl?X-Amz-Date=20251210T014125Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=ba7ac9befc0afb3a075a8ba529a74c7e44aba6a015f010a5826e82e0b034da2f"} [2025-12-10 09:41:25.991] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:25.991] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:25.991] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:25.991] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:25.991] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:25.992] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:26.195] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42675_192-168-52-129_38483.1726042673.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330885992, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42675, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:26.195] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:26.195] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:26.195] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:26.195] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:41:29.094] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24414 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014128Z&X-Amz-Signature=71471417ccda3a85084e0f03dc9cbecef616e8e10c7fe7e295bea5a76e745514"} [2025-12-10 09:41:29.094] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:29.094] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:29.094] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:29.094] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:29.094] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:29.095] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:29.295] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42677_192-168-52-129_38483.1726042673.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330889095, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42677, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:29.295] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:29.295] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:29.295] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:29.295] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:41:32.195] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25519 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl?X-Amz-Signature=54a3bfd4a7a043aac31b2f1a4c5e7792156f7f07cd23230760b44155a6c69376&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014131Z"} [2025-12-10 09:41:32.195] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:32.195] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:32.195] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:32.196] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:32.196] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:32.196] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:32.386] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42676_192-168-52-129_38483.1726042729.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330892196, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42676, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:32.386] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:32.386] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:32.386] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:32.386] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:41:35.297] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25178 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=731f2ebaed2fa188ce711c5a5cb9f4049d55b64c867c2eb2991a98f8a3feff91&X-Amz-Date=20251210T014134Z&X-Amz-Expires=604800"} [2025-12-10 09:41:35.297] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:35.297] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:35.297] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:35.297] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:35.297] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:35.298] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:35.487] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_19948_192-168-52-129_38483.1725954691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330895298, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 19948, "dest_port": 38483, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:35.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:35.487] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:35.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:35.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:41:38.399] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25520 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl?X-Amz-Date=20251210T014137Z&X-Amz-Signature=3892da2cc69d16359f9689b56fe8e73f71e59c3536758cc2c81c9a689665f75a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:41:38.400] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:38.400] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:38.400] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:38.400] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:38.400] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:38.401] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:38.593] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.1726212841.jsonl|result:{"code": 1, "total_count": 1, 
"alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330898401, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50185, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9411154499532502, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:38.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:38.593] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:38.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:38.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:41:41.501] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24415 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014141Z&X-Amz-Signature=c4b9af2d2ce0aa13d56b05de13b3d4b4f485ff14b08c4250c3f478bc3b48263d&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:41:41.501] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:41.501] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:41.501] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:41.501] [INFO] 
[tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:41.501] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:41.502] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:41.695] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_54340_192-168-112-135_20846.1727254938.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330901502, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "protocol": 6, "src_port": 20846, "dest_port": 54340, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:41.695] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:41.695] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:41.695] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:41.695] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:41:44.602] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25179 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014144Z&X-Amz-Expires=604800&X-Amz-Signature=d3d2b536cc2d4089879165cc2286029644a170048fea36bd12676dc86aba1da0"} [2025-12-10 09:41:44.602] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:44.602] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:44.602] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:44.602] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:44.602] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:44.603] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:44.795] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54842_192-168-112-135_8080.1726627265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330904603, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "protocol": 6, "src_port": 8080, "dest_port": 54842, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:44.795] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:44.795] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:44.795] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:44.795] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:41:47.702] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25180 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1ef569bfd872759e8fffc6d6e9d12db47f2a5a1a1787ebc03215520943b965fc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014147Z"} [2025-12-10 09:41:47.703] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:47.703] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:47.703] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:47.703] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:47.703] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:47.703] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:47.896] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54843_192-168-112-135_8080.1726627265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330907703, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.135", "dest_ip": "192.168.112.1", "protocol": 6, "src_port": 8080, "dest_port": 54843, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:41:47.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:41:47.896] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:47.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:41:47.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:41:50.804] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24416 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5892a7b187c83e7bc0771a206d5ec59ad773b9025b35e57e8b55dfe4a6e53909&X-Amz-Date=20251210T014150Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:41:50.804] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:50.804] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:50.804] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:50.804] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:50.804] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:50.805] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:50.811] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_137_192-168-52-255_137.1726042672.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330910805, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:50.811] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:41:50.811] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:53.905] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24417 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4cf30ed782a334a00b4fd4db6495e1c04320e38aff1f004b36c1ee6b34241350&X-Amz-Date=20251210T014153Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:41:53.905] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:53.905] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:53.905] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:53.905] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:53.905] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:53.906] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:53.917] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_61594_ff02--1-3_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330913906, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:53.917] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 
[2025-12-10 09:41:53.917] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:41:57.007] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24418 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5bdc5b1101433bf807dfd3ac1a6f64cc106ecaa447092f0dd0b2b3fd0c02c731&X-Amz-Date=20251210T014156Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:41:57.007] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:41:57.007] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:41:57.007] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:41:57.007] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:41:57.007] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:41:57.008] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:41:57.019] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_63753_ff02--1-3_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330917008, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:41:57.019] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:41:57.019] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:00.108] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25181 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl?X-Amz-Expires=604800&X-Amz-Signature=57531d6472c21bd1812aeeeb81b5128730f78c0add9616e137cb1e071dee6cab&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014159Z"} [2025-12-10 09:42:00.109] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:00.109] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:00.109] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:00.109] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:00.109] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:00.110] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:00.121] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_61594_224-0-0-252_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330920110, "module": "anquanchu", "proto": "other", "alerted": false, "details": 
[]} [2025-12-10 09:42:00.121] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:42:00.121] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:03.211] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25182 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl?X-Amz-Date=20251210T014202Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7b94c3d28e0ee4060425f0d30c272162df36b67a96b37e87bb6730d79d6f431e"} [2025-12-10 09:42:03.211] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:03.211] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:03.211] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:03.211] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:03.211] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:03.212] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:03.223] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_63753_224-0-0-252_5355.1726192245.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330923212, "module": "anquanchu", "proto": 
"other", "alerted": false, "details": []} [2025-12-10 09:42:03.223] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:42:03.223] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:06.312] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24419 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl?X-Amz-Signature=d24c4b15de750e671cf09ec9ca735f59389dbe4f54a2ccd3c06a3d8e11440825&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014205Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:06.313] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:06.313] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:06.313] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:06.313] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:06.313] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:06.314] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:06.548] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51265.1726800660.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, 
"timestamp": 1765330926314, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51265, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8870828047759287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:06.548] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:06.548] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:06.548] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:06.548] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:09.415] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24420 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cb29ff3633c7c0107ec48eaf3a6a3a3023a9bf43586f22f8745f300091219a68&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014208Z"} [2025-12-10 09:42:09.415] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:09.415] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:09.415] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:09.415] [INFO] [tid:134145839584960] 
(AiModule.cpp:140) get function load [2025-12-10 09:42:09.415] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:09.416] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:09.622] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51762.1726813550.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330929417, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51762, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.865003353805995, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:42:09.622] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:09.622] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:09.622] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:09.622] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:42:12.518] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25183 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014212Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=4dca78748e0ea53d7701f56937b98d3c49672ec6e3b7da670b3c26d02eca66e4"} [2025-12-10 09:42:12.518] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:12.518] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:12.518] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:12.518] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:12.518] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:12.519] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:12.741] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51865.1726816544.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330932519, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51865, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5080692700085622, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:12.742] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:12.742] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:12.742] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:12.742] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:15.621] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24421 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=7405f481471d31b2a34066fbc382bc5cf49866cd6247051f0ca61c9e0d3324b8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014215Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:42:15.621] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:15.621] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:15.621] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:15.621] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:15.621] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:15.622] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:15.812] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51871.1726816695.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330935622, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51871, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5734997034085443, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:15.812] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:15.812] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:15.812] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:15.812] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:42:18.723] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24422 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl?X-Amz-Date=20251210T014218Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=3d9787a17f088d497758ed1aa139d604b947aba8b45907e7d25626ef8aad3ba3&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:18.723] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:18.723] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:18.723] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:18.723] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:18.723] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:18.724] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:18.923] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51109.1726795427.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330938724, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51109, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7797161693223945, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:42:18.923] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:18.923] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:18.923] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:18.923] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:21.826] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25184 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl?X-Amz-Date=20251210T014221Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ac8b883c6c668dcb86326cf2fae429ea11ab9ef21fb206f8e2ee2d34e7997556"} [2025-12-10 09:42:21.826] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:21.826] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:21.826] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:21.826] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:21.826] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:21.827] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:22.024] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51115.1726795578.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330941827, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51115, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6497119181245019, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:22.024] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:22.024] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:22.024] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:22.024] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:42:24.928] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25521 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=7a84da3eed73b04e63486e29caa617d43140643ebfc8cd7eb5804dbe1af439b9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014224Z&X-Amz-Expires=604800"} [2025-12-10 09:42:24.929] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:24.929] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:24.929] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:24.929] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:24.929] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:24.930] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:25.144] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51817.1726815043.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330944930, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51817, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9905808671595859, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:25.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:25.144] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:25.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:25.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:28.031] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25185 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl?X-Amz-Date=20251210T014227Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4f271d7db589ff97ea47f8b4ed10ee2d9923f6f75188e26813791b1ca9b3d039&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:42:28.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:28.031] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:28.031] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:28.031] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:28.031] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:28.032] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:28.225] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51765.1726813641.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330948032, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51765, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9918547827309265, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:28.225] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:28.225] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:28.225] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:28.225] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:42:31.134] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25186 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl?X-Amz-Date=20251210T014230Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=741baff0c7082a4039f390baf9aa914d1479c3550daf647f1f6d5563739b1123&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:42:31.134] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:31.134] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:31.134] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:31.134] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:31.134] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:31.135] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:31.342] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51771.1726813793.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330951135, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51771, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9958367333381308, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:31.342] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:31.342] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:31.342] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:31.342] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:34.237] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25187 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl?X-Amz-Signature=e63e7ded19c15734ae2e754cd8a030154bf1322c836b7621033a8ac74217f9dc&X-Amz-Date=20251210T014233Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:42:34.237] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:34.238] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:34.238] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:34.238] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:34.238] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:34.239] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:34.430] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51219.1726799511.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330954239, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51219, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.675247694982502, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:42:34.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:34.430] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:34.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:34.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:42:37.339] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25522 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014236Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7163de8f32c8bcfb2440b75d76479835e9262b2315f467f6bdbb889fae08bcc2"} [2025-12-10 09:42:37.340] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:37.340] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:37.340] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:37.340] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:37.340] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:37.340] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:37.533] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51225.1726799663.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330957340, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51225, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.6130112177499187, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:37.533] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:37.533] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:37.533] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:37.533] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:40.444] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25188 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014239Z&X-Amz-Signature=837f43eddd7cb653d1b3bed696ffe8d6435e95fdd4a66517b4e116a16a88a76e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:42:40.444] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:40.444] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:40.444] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:40.444] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:40.444] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:40.445] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:40.644] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54847_192-168-112-135_8443.1726627266.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330960445, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54847, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.981962657808915, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:40.644] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:40.644] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:40.644] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:40.644] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:42:43.547] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25189 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014243Z&X-Amz-Signature=a3b0af2caa80d182cc2b6a14f1245d37d5d5c27b7039dd59c097b15bc18d424a"} [2025-12-10 09:42:43.547] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:43.547] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:43.547] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:43.547] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:43.547] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:43.547] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:43.771] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43320.1726308954.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330963548, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43320, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9990477543978051, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:42:43.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:43.771] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:43.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:43.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:46.649] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25523 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl?X-Amz-Date=20251210T014246Z&X-Amz-Signature=01cb23127ee27981eeb10233e315cd1a48a3a21b167765c278ce134c75e656ae&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:42:46.649] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:46.649] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:46.649] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:46.649] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:46.649] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:46.650] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:46.853] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41406_192-168-163-23_80.1726204637.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330966650, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41406, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:46.853] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:46.853] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:46.853] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:46.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:42:49.750] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25524 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014249Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cff2d20e6b886edefeba87457be58c9aa25d0188f8f9222cc3833aa1b2509b53"} [2025-12-10 09:42:49.750] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:49.750] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:49.751] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:49.751] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:49.751] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:49.751] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:49.953] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41741_192-168-163-23_80.1726206262.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330969751, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41741, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:49.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:49.953] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:49.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:49.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:52.852] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25525 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl?X-Amz-Signature=5289a2b01dba164d9f87f11ecab29e41af466b36e2b29e041a659c0664bfc563&X-Amz-Date=20251210T014252Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:42:52.852] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:52.852] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:52.852] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:52.852] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:52.852] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:52.853] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:53.042] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41359_192-168-163-23_80.1726204301.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330972853, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41359, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:53.042] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:53.042] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:53.042] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:53.042] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:42:55.954] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25190 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e46156671e41b8e5dc33ce8b8f33234f42e55a344f2cb1603dd35e6bed8794d9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014255Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:42:55.955] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:55.955] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:55.955] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:55.955] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:55.955] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:55.955] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:56.144] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41729_192-168-163-23_80.1726206210.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330975956, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41729, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:56.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:56.144] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:56.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:56.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:42:59.056] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24423 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014258Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=663564986068ce0051e6724aaf75472aa3f6516bdc65d209facda1459d5a3e15"} [2025-12-10 09:42:59.056] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:42:59.056] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:42:59.057] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:42:59.057] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:42:59.057] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:42:59.057] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:42:59.250] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41419_192-168-163-23_80.1726204676.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330979057, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41419, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:42:59.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:42:59.250] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:42:59.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:42:59.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:43:02.158] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24424 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl?X-Amz-Signature=1a4cc6a9b1d2b13c59b6d7d578cbf13647da0f376230b1c37d37848048ea9e65&X-Amz-Date=20251210T014301Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:43:02.158] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:02.158] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:02.159] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:02.159] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:02.159] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:02.160] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:02.352] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41744_192-168-163-23_80.1726206276.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765330982160, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41744, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:43:02.352] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:02.352] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:02.352] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:02.352] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:43:05.260] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24425 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1b445198e480bbf8ffa7769499007dd35b73dafd067b04e32dc35c85cd0e70cf&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014304Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:05.260] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:05.260] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:05.260] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:05.260] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:05.260] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:05.261] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:05.267] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129620.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330985261, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:05.267] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:43:05.267] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:08.361] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25526 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl?X-Amz-Date=20251210T014307Z&X-Amz-Expires=604800&X-Amz-Signature=e3a86ecb083784fbef2a69428b69294588a844a54a46824050e9c24d8a4eea62&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:43:08.361] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:08.361] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:08.361] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:08.361] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:08.361] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:08.362] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 
[2025-12-10 09:43:08.373] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_fe80--44cc-94ba-3a1b-84ca_5353_ff02--fb_5353.1726129499.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330988362, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:08.373] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:43:08.373] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:11.462] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25527 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl?X-Amz-Date=20251210T014310Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fcd57926e47b2e8ab9ba5aa75a3ee28a2c15211f46d7fea5c188695b35d1d45c"} [2025-12-10 09:43:11.462] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:11.462] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:11.463] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:11.463] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:11.463] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:11.464] 
[INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:11.475] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726283914.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330991464, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:11.475] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:43:11.475] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:14.564] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25191 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014314Z&X-Amz-Signature=f199d59575609da9514578861a5b1786f4a3c59593542a248f125bcc59d22d8e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:43:14.564] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:14.564] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:14.565] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:14.565] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:14.565] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args 
for function load [2025-12-10 09:43:14.565] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:14.577] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129620.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330994566, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:14.577] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:43:14.577] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:17.665] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25192 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl?X-Amz-Signature=57387234ba72d9bcce6d75d7443b05c7e0284925a4cd2d1cc4ff8a4409600028&X-Amz-Date=20251210T014317Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:17.666] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:17.666] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:17.666] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:17.666] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:17.666] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:17.667] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:17.678] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.UDP_192-168-17-1_5353_224-0-0-251_5353.1726129499.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765330997667, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:17.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:43:17.678] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:20.768] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25528 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=785e6434b46226284ddb1b95f9d730f9211a4ce708d7b21aa1b40f693b070b83&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014320Z"} [2025-12-10 09:43:20.768] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:20.768] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:20.768] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:20.768] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 
09:43:20.768] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:20.769] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:21.007] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57515_192-168-32-40_80.1726196706.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331000769, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 57515, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:43:21.007] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:21.007] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:21.007] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:21.007] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:43:23.871] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24426 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014323Z&X-Amz-Expires=604800&X-Amz-Signature=f24a9546f99ededf4ec60dcb4c4277f72b8a4b70bc209238fb0e2451636a7912"} [2025-12-10 09:43:23.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:23.871] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:23.871] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:23.871] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:23.871] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:23.872] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:24.067] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43330_192-168-37-136_8443.1727255874.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331003872, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43330, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999991656797786, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:43:24.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:24.067] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:24.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:24.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:43:26.972] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25193 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl?X-Amz-Date=20251210T014326Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=e8c6bd584771bf0786b43a35250b3d751ccebd972c8cd8a97e68499e90e8963c&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:26.972] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:26.972] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:26.972] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:26.972] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:26.972] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:26.973] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:27.176] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64657_192-168-112-135_8080.1726218782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331006973, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64657, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:43:27.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:27.176] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:27.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:27.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:43:30.074] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24427 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1f3251dba046cb91138733e618789ef4856089e75733f645241c88a50c9ebd48&X-Amz-Date=20251210T014329Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:43:30.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:30.075] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:30.075] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:30.075] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:30.075] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:30.076] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:30.273] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49195.1727228342.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331010076, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49195, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9123586151413057, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:43:30.273] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:30.273] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:30.273] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:30.273] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:43:33.176] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24428 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3d823edbb6b26fda82432e04f96043ecd67d661ed084f0076fa7e9b1f5164a9d&X-Amz-Date=20251210T014332Z"} [2025-12-10 09:43:33.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:33.176] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:33.177] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:33.177] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:33.177] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:33.178] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:33.417] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49205.1727228345.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331013178, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49205, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9723429172454786, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:43:33.417] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:33.417] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:33.417] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:33.417] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:43:36.279] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24429 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl?X-Amz-Date=20251210T014335Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9e4f8c6c179173dad47cfe837894a9d80dcfe08a0eca904688ecc7f17dab9fb5"} [2025-12-10 09:43:36.279] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:36.279] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:36.279] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:36.279] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:36.279] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:36.280] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:36.472] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49214.1727228347.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331016280, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49214, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5229356293541297, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:43:36.472] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:36.472] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:36.472] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:36.472] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:43:39.382] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25194 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=85e48d528a7e449db8717ab06fa69f04773a049d3f29a2ca842ddb59315fdc52&X-Amz-Expires=604800&X-Amz-Date=20251210T014338Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:43:39.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:39.382] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:39.382] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:39.382] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:39.382] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:39.382] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:39.576] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49163.1727228334.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331019382, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49163, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9627407074253814, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:43:39.576] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:39.576] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:39.576] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:39.576] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:43:42.482] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25529 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=217c8d1b1998f39a5903e07ebe2deeb85f3fc4ba1eef7cd648effb4db9b0b5a4&X-Amz-Date=20251210T014341Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:43:42.482] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:42.482] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:42.483] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:42.483] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:42.483] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:42.483] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:42.694] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54671_192-168-112-135_8080.1726627028.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331022483, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54671, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:43:42.694] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:42.694] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:42.694] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:42.694] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:43:45.585] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25530 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl?X-Amz-Signature=1db7da1b8213ddf9d23b96c27bab6e298c5edb257f0ec9f5e2167bd58e1638ec&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014345Z&X-Amz-Expires=604800"} [2025-12-10 09:43:45.585] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:45.585] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:45.585] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:45.586] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:45.586] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:45.587] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:45.594] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726192244.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331025587, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:43:45.594] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:43:45.594] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:48.687] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25195 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0dcb14bc411dbabbbabd6b6eeb5fa43086abef3bd882459e2261ef2920979b66&X-Amz-Expires=604800&X-Amz-Date=20251210T014348Z"} [2025-12-10 09:43:48.687] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:48.687] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:48.687] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:48.688] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:48.688] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:48.688] [INFO] [tid:134145839584960] (AiModule.cpp:158) load 
result:0 [2025-12-10 09:43:48.926] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49162.1727228273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331028688, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49162, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9793434577408894, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:43:48.926] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:48.926] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:48.926] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:48.926] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:43:51.789] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25196 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl?X-Amz-Date=20251210T014351Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1cd227af65fd1e29a42e5f7a55af1613e20a1d54855c968d7dc406d3c9945486"} [2025-12-10 09:43:51.789] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:51.789] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:51.789] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:51.789] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:51.789] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:51.790] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:51.982] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49164.1727228334.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331031790, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49164, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8128356571279334, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:43:51.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:51.982] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:51.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:51.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:43:54.891] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24430 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T014354Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6967ea60b89e701bc8696c2b30785e18ff79e458b20d275114f89e6fc12e48e0&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:43:54.891] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:54.891] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:54.891] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:54.891] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:54.891] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:54.892] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:55.084] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49165.1727228334.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331034892, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49165, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8394237974606074, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:43:55.084] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:55.084] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:55.084] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:55.084] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:43:57.994] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25531 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl?X-Amz-Date=20251210T014357Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a61c095c0b8bb985f37b73475fedc5d311db0a039729047e8d1098f984854412"} [2025-12-10 09:43:57.994] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:43:57.994] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:43:57.994] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:43:57.994] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:43:57.994] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:43:57.995] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:43:58.187] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49166.1727228334.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331037995, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49166, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9173394690609071, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:43:58.187] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:43:58.187] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:43:58.187] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:43:58.187] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:01.095] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25197 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=25a610117e6843db78dc9d2d510fde5ea293b9589ac947b772200f513592a666&X-Amz-Date=20251210T014400Z"} [2025-12-10 09:44:01.096] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:01.096] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:01.096] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:01.096] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:01.096] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:01.096] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:01.288] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49167.1727228335.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331041097, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49167, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9728084570498172, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:44:01.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:01.288] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:01.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:01.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:04.198] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25532 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a2a5334ad89ad2d13ede3d57edf4fab0d2ee97066282916116f6dc819f89794b&X-Amz-Date=20251210T014403Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:44:04.198] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:04.198] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:04.198] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:04.198] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:04.198] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:04.199] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:04.395] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49178.1727228337.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331044199, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49178, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6771831112316992, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:04.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:04.395] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:04.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:04.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:07.302] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25533 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl?X-Amz-Expires=604800&X-Amz-Signature=9dd93165d3cc944fd00be723f05716d1b5bc18f5c67176f67e54680b59282bea&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014406Z"} [2025-12-10 09:44:07.303] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:07.303] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:07.303] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:07.303] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:07.303] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:07.303] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:07.527] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49179.1727228338.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331047303, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49179, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8664756844436504, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:44:07.527] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:07.527] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:07.527] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:07.527] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:10.405] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25534 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=8bab05d68868f15c10507b04f38d29a3fdd3f17d12d564df8a0bc3d3a93ab309&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014409Z&X-Amz-Expires=604800"} [2025-12-10 09:44:10.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:10.405] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:10.405] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:10.405] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:10.405] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:10.406] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:10.609] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49180.1727228338.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331050406, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49180, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9388282249369555, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:10.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:10.609] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:10.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:10.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:13.508] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25535 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d54037b8fcf5310bfdd25f63c0f8be54749a049b940f89b37c076a6d8390e201&X-Amz-Date=20251210T014412Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:13.508] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:13.508] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:13.508] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:13.508] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:13.508] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:13.509] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:13.701] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49181.1727228338.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331053509, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49181, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7556896616318012, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:44:13.701] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:13.701] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:13.701] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:13.701] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:16.610] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25198 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014416Z&X-Amz-Expires=604800&X-Amz-Signature=176dc122846dae8901c6394292ff0d8a1e8882c8aeb538d52a589afb4acc72d3&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:44:16.611] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:16.611] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:16.611] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:16.611] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:16.611] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:16.611] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:16.812] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49182.1727228338.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331056611, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49182, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.609915037944741, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:16.812] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:16.812] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:16.812] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:16.812] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:19.713] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25199 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014419Z&X-Amz-Signature=d2ce9d804b3b2313fbe8f2fcce92d51c0ac743e0768971dad2bbed1adb97f7e4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:44:19.713] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:19.713] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:19.713] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:19.713] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:19.713] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:19.714] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:19.906] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49183.1727228339.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331059714, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49183, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9992367437755522, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:19.906] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:19.906] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:19.906] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:19.906] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:22.814] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25200 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ce8f73407ea96a2f0374f669ff29486dd4ad8d22098c1015010d91eea413cf87&X-Amz-Date=20251210T014422Z"} [2025-12-10 09:44:22.814] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:22.814] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:22.815] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:22.815] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:22.815] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:22.816] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:23.013] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49184.1727228339.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331062816, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49184, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999831430703893, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:23.013] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:23.013] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:23.013] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:23.013] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:25.916] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25201 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl?X-Amz-Signature=f7e1ee70930810db43f5f04e4e8e220341326ba9a3c86c0bc7eb0bfed57ac933&X-Amz-Date=20251210T014425Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:25.916] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:25.916] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:25.917] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:25.917] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:25.917] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:25.918] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:26.111] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49185.1727228339.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331065918, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49185, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9644225864167885, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:26.111] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:26.111] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:26.111] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:26.111] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:29.019] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24431 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=5b8fd4a554a0458d199f1ba8bab1980127ad732ee14271401576e55904e05ede&X-Amz-Date=20251210T014428Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:44:29.019] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:29.019] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:29.019] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:29.019] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:29.019] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:29.020] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:29.209] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49187.1727228340.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331069020, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49187, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9991696735818225, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:29.209] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:29.209] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:29.209] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:29.209] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:32.123] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24432 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl?X-Amz-Expires=604800&X-Amz-Signature=dfe34aad60a96490ed4efa00c0f7318e6fcf48dab3b0e851dbd42a4cc224db77&X-Amz-Date=20251210T014431Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:32.123] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:32.123] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:32.123] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:32.123] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:32.123] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:32.124] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:32.317] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49188.1727228340.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331072124, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49188, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990365320615877, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:32.317] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:32.317] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:32.317] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:32.317] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:35.226] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24433 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl?X-Amz-Signature=4a98834a61dc3eab1c8c6ad9d50235dbb52015c6285d5ba48362898d6be06e3b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014434Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:35.226] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:35.226] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:35.226] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:35.226] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:35.226] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:35.227] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:35.419] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49189.1727228340.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331075227, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49189, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6704914626392562, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:35.419] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:35.419] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:35.419] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:35.419] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:38.328] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25202 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl?X-Amz-Date=20251210T014437Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2e4a4d17392c3c54bc34909547fa095d8375cd053b4ef475bbe31b21c6728b11&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:44:38.328] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:38.328] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:38.328] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:38.328] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:38.328] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:38.329] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:38.523] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49190.1727228341.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331078330, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49190, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6681120533328117, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:44:38.523] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:38.523] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:38.523] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:38.523] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:41.430] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25536 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=4333a9e06ddc1d850da6f1631d52ca3e5b20f01df935ec7801bbc914efe566e0&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014440Z&X-Amz-Expires=604800"} [2025-12-10 09:44:41.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:41.430] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:41.431] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:41.431] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:41.431] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:41.431] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:41.658] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49191.1727228341.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331081431, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49191, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.70713223924829, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:44:41.659] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:41.659] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:41.659] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:41.659] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:44.531] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24434 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014444Z&X-Amz-Expires=604800&X-Amz-Signature=df026f27a06c83ef6804e08c92dd55259cbb3ebf803e00fbd86a6bb15328e3d4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:44:44.531] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:44.531] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:44.531] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:44.531] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:44.531] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:44.532] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:44.540] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51842.1726284545.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331084533, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:44:44.540] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:44:44.540] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:47.633] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24435 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=12521e676154019f067dc490204b367cd6aa275a261daf2fb27d359f3904a678&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014447Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:44:47.633] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:47.633] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:47.633] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:47.633] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:47.633] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:47.634] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 09:44:47.871] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49192.1727228341.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331087635, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49192, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.776271931397361, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:47.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:47.871] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:47.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:47.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:50.737] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24436 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl?X-Amz-Signature=9f3a0d41f7376593daefb22be0672424f8804754be55714b5669243e05e49a12&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014450Z&X-Amz-Expires=604800"} [2025-12-10 09:44:50.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:50.737] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:50.738] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:50.738] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:50.738] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:50.738] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:50.931] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49193.1727228342.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331090738, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49193, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9065707770298514, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:44:50.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:50.931] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:50.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:50.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:44:53.840] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25537 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=670d2dc00e740c7b2490dcb811ce68cdea0d06e408d155402bb6c407858a03ad&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014453Z"} [2025-12-10 09:44:53.840] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:53.840] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:53.841] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:53.841] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:53.841] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:53.841] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:54.033] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49194.1727228342.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331093841, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49194, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6815273572290471, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:44:54.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:54.033] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:54.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:54.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:44:56.942] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25538 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0dd8e3b0a63e54d132f9f601d5100bd1f1d2e1d5530f386684b94dcddf16bec7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014456Z"} [2025-12-10 09:44:56.942] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:44:56.942] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:44:56.942] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:44:56.942] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:44:56.942] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:44:56.943] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:44:57.147] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49197.1727228343.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331096943, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49197, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6257930564673225, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:44:57.147] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:44:57.147] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:44:57.147] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:44:57.147] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:00.044] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25203 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=3025f75e2362062e21038554a5e453d1ff28b3c2b6751f0713303c1911d5ee04&X-Amz-Date=20251210T014459Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:45:00.044] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:00.044] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:00.045] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:00.045] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:00.045] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:00.045] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:00.240] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49198.1727228343.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331100045, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5208323091838872, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:45:00.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:00.240] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:00.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:00.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:03.147] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24437 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=7ab47e7acb4bb4eaf5d38a7004a5e4c980ea2ea25d73e8d0a7996936848c247c&X-Amz-Date=20251210T014502Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:45:03.147] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:03.147] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:03.148] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:03.148] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:03.148] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:03.148] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:03.349] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49199.1727228343.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331103148, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8708762004632982, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:03.349] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:03.349] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:03.349] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:03.349] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:06.249] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24438 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=75c07202f94f31a5319afcae09e85334c8573c0e393f5ee2308810248625978c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014505Z"} [2025-12-10 09:45:06.249] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:06.249] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:06.249] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:06.249] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:06.249] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:06.250] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:06.441] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49200.1727228343.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331106250, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49200, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6404661592443197, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:45:06.441] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:06.441] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:06.441] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:06.441] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:09.352] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25539 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=241a3538dc4fb12fa958ac054250ec98b56e8286bf50dab9fec715f0eb5524a0&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014508Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:45:09.352] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:09.352] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:09.352] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:09.352] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:09.352] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:09.353] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:09.546] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49201.1727228344.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331109353, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49201, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8700626674775306, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:09.546] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:09.546] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:09.546] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:09.546] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:12.454] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25204 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl?X-Amz-Date=20251210T014511Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=349a203e06db595fc2f076616e3e252cb6867f6c989b4ba03c2b5c418fd0aad9&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:45:12.454] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:12.454] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:12.454] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:12.454] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:12.454] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:12.455] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:12.647] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49202.1727228344.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331112455, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49202, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.952812539485268, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:45:12.647] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:12.647] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:12.647] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:12.647] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:15.556] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25205 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl?X-Amz-Date=20251210T014515Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=10934a227af7d3a4d215b16dcd7b94b6e1c44986809184bfebf184208ed04b35"} [2025-12-10 09:45:15.556] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:15.556] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:15.557] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:15.557] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:15.557] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:15.557] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:15.748] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49203.1727228344.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331115557, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49203, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.675426179227328, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:15.748] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:15.748] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:15.748] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:15.748] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:18.659] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25206 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014518Z&X-Amz-SignedHeaders=host&X-Amz-Signature=00229571123b6fd3f0134df9aca174cfd3b92733f2eae5c0a48917eb17edc6e0"} [2025-12-10 09:45:18.659] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:18.659] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:18.660] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:18.660] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:18.660] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:18.661] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:18.886] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49204.1727228344.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331118661, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49204, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.872413217346259, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:18.886] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:18.886] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:18.886] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:18.886] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:21.761] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24439 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T014521Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c93e213744033e43417193e7e4943721b38ecf2a95bed2fa9e5c0ca4691cf06d"} [2025-12-10 09:45:21.761] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:21.761] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:21.762] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:21.762] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:21.762] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:21.762] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:21.954] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49207.1727228345.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331121762, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49207, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9866518536981347, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:21.954] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:21.954] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:21.954] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:21.954] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:24.865] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25540 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl?X-Amz-Signature=d901d9f0badb64131c03043e83b1af6b8d5903fc8beb80e29bb707dd8942d82a&X-Amz-Date=20251210T014524Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:45:24.865] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:24.865] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:24.865] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:24.865] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:24.865] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:24.867] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:25.061] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49208.1727228345.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331124867, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49208, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987299237502186, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:25.061] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:25.061] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:25.061] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:25.061] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:27.967] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24440 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl?X-Amz-Date=20251210T014527Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c0a6965f6bcb16049d0f178c8b2533b027c18983e557fd44740fd56b34a4f5c5"} [2025-12-10 09:45:27.967] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:27.967] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:27.968] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:27.968] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:27.968] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:27.968] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:28.161] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49209.1727228346.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331127968, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49209, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.749804018938855, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:45:28.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:28.161] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:28.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:28.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:31.070] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25541 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl?X-Amz-Signature=d27dc6560b5ff0541153b3df57b54bebf997f333e46ae10f14f31293394bc274&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014530Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:45:31.070] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:31.070] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:31.070] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:31.070] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:31.070] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:31.071] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:31.263] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49210.1727228346.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331131071, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49210, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8503397167372608, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:31.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:31.263] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:31.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:31.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:34.172] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25542 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=8a23f9fe2e64af275df91c41d55c8526df1ebab8ad6ad8a9ddc162ac3eba8184&X-Amz-Date=20251210T014533Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:45:34.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:34.172] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:34.173] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:34.173] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:34.173] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:34.174] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:34.373] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49211.1727228346.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331134174, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49211, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8252456489064133, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:34.373] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:34.373] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:34.373] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:34.373] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:37.275] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25543 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl?X-Amz-Signature=97541c795cf538a2110892ab63fb3502cfa313c9c72a25c62f7dad7bb89e16d7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014536Z"} [2025-12-10 09:45:37.275] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:37.275] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:37.275] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:37.275] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:37.275] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:37.276] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:37.473] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49212.1727228346.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331137276, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49212, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9865806649237132, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:45:37.473] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:37.473] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:37.473] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:37.473] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:40.377] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25544 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T014539Z&X-Amz-Signature=fb247bae0cd7a23a5c941fac9148db9603cb42ac6295dd07b851f7b066d7b5c2"} [2025-12-10 09:45:40.377] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:40.377] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:40.377] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:40.377] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:40.377] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:40.377] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:40.571] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49213.1727228347.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331140377, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49213, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9097916849017884, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:40.571] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:40.571] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:40.571] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:40.571] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:43.479] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25207 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=f80c131b112788359e1498ae28c0d97d500e863e4259995f22108e39d76386c0&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014543Z"} [2025-12-10 09:45:43.479] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:43.479] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:43.479] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:43.479] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:43.479] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:43.480] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:43.669] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49206.1727228345.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331143480, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49206, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9677342644366878, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:43.669] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:43.669] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:43.669] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:43.669] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:46.581] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25208 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl?X-Amz-Signature=bbe2384892f2cd22b15020666508d67cf63b4d5dcc27135649e6ddfc0cfd2c7e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014546Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:45:46.581] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:46.581] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:46.581] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:46.581] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:46.581] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:46.582] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:46.780] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49196.1727228342.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331146582, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49196, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8515432049926769, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:46.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:46.780] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:46.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:46.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:49.682] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24441 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9ea855391aa270ab278ae5b45c4f155dd97ce959d9d69c50384341f89448d4c7&X-Amz-Date=20251210T014549Z"} [2025-12-10 09:45:49.682] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:49.682] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:49.683] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:49.683] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:49.683] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:49.683] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:49.690] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726192244.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331149683, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:45:49.690] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:45:49.690] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:52.784] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25545 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0dc1df3633d8497aef15a3e21e2fbb9e46a9ae5bb1b68d37765c699eee9bee84&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014552Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:45:52.784] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:52.784] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:52.785] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:52.785] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:52.785] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:52.786] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:53.020] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54663_192-168-112-135_8080.1726627010.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331152786, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54663, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:53.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:53.020] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:53.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:53.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:45:55.885] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25209 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl?X-Amz-Signature=654abad9d2da9d6af28827618fbb6969a907fc2502807189454c44f4ca55d5b3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014555Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:45:55.885] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:55.885] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:55.886] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:55.886] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:55.886] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:55.886] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:56.108] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64656_192-168-112-135_8080.1726218780.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331155887, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64656, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:56.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:56.108] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:56.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:56.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:45:58.986] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25210 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014558Z&X-Amz-Signature=21a83fd9eb18d2114639c28023f476fe226a2fa186e6a68be01778411753c362&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:45:58.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:45:58.986] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:45:58.987] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:45:58.987] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:45:58.987] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:45:58.987] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:45:59.193] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54669_192-168-112-135_8080.1726627025.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331158987, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54669, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:45:59.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:45:59.193] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:45:59.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:45:59.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:46:02.088] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25546 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014601Z&X-Amz-Signature=fbef8370c3161e9c9ddf7054343bc2a3574be024391b3ced645dd62c30f954d0&X-Amz-SignedHeaders=host"} [2025-12-10 09:46:02.088] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:02.088] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:02.089] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:02.089] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:02.089] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:02.089] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:02.284] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54673_192-168-112-135_8080.1726627033.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331162089, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54673, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:02.284] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:02.284] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:02.284] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:02.284] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:46:05.190] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24442 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=129faa7129b4ba8c3b0f6f9f7bdbe0d5e07a07f4c09f7ce036f9744ba9b270c0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014604Z&X-Amz-Expires=604800"} [2025-12-10 09:46:05.190] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:05.190] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:05.190] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:05.190] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:05.190] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:05.191] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:05.382] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54672_192-168-112-135_8080.1726627032.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331165191, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54672, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:05.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:05.382] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:05.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:05.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:46:08.293] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24443 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6f46be165e23f444c6937d9a208294502737d83a14e1d006358c9aefd29d7957&X-Amz-Expires=604800&X-Amz-Date=20251210T014607Z"} [2025-12-10 09:46:08.293] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:08.293] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:08.293] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:08.293] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:08.293] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:08.294] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:08.501] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54666_192-168-112-135_8080.1726627022.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331168294, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54666, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:08.501] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:08.501] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:08.501] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:08.501] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:46:11.395] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25547 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl?X-Amz-Date=20251210T014610Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=568b213bedd443a9a48c88d4894a48180f40ad791625c18d89561670620a91a2"} [2025-12-10 09:46:11.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:11.395] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:11.395] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:11.395] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:11.395] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:11.396] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:11.586] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64655_192-168-112-135_8080.1726218779.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331171396, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64655, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:11.586] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:11.586] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:11.586] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:11.586] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:46:14.497] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24444 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl?X-Amz-Signature=f77f42964950ac8149f48989133919a3d50f986d01f0ae186cab72d1a93691dd&X-Amz-Date=20251210T014614Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:46:14.497] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:14.497] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:14.497] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:14.497] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:14.497] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:14.498] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:14.687] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54676_192-168-112-135_8080.1726627037.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331174498, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54676, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:14.687] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:14.687] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:14.687] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:14.687] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:46:17.599] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25211 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014617Z&X-Amz-Expires=604800&X-Amz-Signature=1b3b332c241a8e82ccbd1bdfa0dc291e9ef221482ca59ad202b4f7199d1aab03&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:46:17.599] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:17.599] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:17.600] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:17.600] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:17.600] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:17.600] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:17.790] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54674_192-168-112-135_8080.1726627034.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331177600, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54674, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:17.790] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:17.790] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:17.790] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:17.790] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:46:20.700] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24445 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=405b161e80854d465b8d8fcbd57493f20091a8b5bed4f0659cc1a93213217192&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014620Z"} [2025-12-10 09:46:20.700] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:20.700] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:20.700] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:20.700] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:20.700] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:20.701] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:20.909] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54668_192-168-112-135_8080.1726627024.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331180701, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54668, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:20.909] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:20.909] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:20.909] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:20.909] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:46:23.802] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25212 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl?X-Amz-Expires=604800&X-Amz-Signature=c9bbf6a1974be9aef3fbd34856c535b94b6e5e442660abaed7ce30c3c154b59e&X-Amz-Date=20251210T014623Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:46:23.802] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:23.802] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:23.803] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:23.803] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:23.803] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:23.803] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:23.811] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726193202.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331183803, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:23.811] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:46:23.811] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:26.904] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24446 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014626Z&X-Amz-Signature=fdc0b719375a3f0336156a2a353b8b904e65b62b95a4ab53678244fba0abdea9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:46:26.904] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:26.904] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:26.904] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:26.905] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:26.905] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:26.905] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:27.148] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54677_192-168-112-135_8080.1726627038.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331186906, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54677, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:27.148] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:27.148] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:27.148] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:27.148] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:46:30.006] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24447 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014629Z&X-Amz-Signature=bbcc9e7f05e5a8f0fc9363414dedff3eb62a2a26290d8b8cd105c0d8d4c289fd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:46:30.006] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:30.006] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:30.007] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:30.007] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:30.007] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:30.007] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:30.227] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_http.pcap.TCP_192-168-112-1_64654_192-168-112-135_8080.1726218768.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331190007, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64654, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:30.227] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:30.227] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:30.227] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:30.227] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:46:33.108] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25548 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014632Z&X-Amz-Signature=ee542d2dd6d88d1d865b2bb7279db6fae29eec3b28e48d729070f48c34e70282"} [2025-12-10 09:46:33.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:33.108] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:33.108] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:33.108] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:33.108] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:33.109] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:33.117] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726193202.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331193110, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:33.117] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:46:33.117] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:36.210] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24448 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl?X-Amz-Date=20251210T014635Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c7ffa827c66b4428f1c5f61417c151e2ff8784cfbb662a5ecff1f759f7c3d24b&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:46:36.210] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:36.210] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:36.211] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:36.211] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:36.211] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:36.212] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
09:46:36.445] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11580.1726284531.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331196212, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11580, "dest_port": 4433, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:36.445] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:36.445] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:36.445] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:36.445] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:46:39.312] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25549 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c5f92a2e14d09ea77acd42db23ac59f461f8bbb9905c23a8bffca11875f2772a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014638Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:46:39.312] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:39.312] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:39.312] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:39.312] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:39.312] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:39.313] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:39.319] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018275.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331199313, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:39.319] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:46:39.319] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:42.413] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25213 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl?X-Amz-Date=20251210T014641Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4bbef4610b4dc03a39addff120ed999aa20eec6a60231bd8dfb305b8e10eb3a6&X-Amz-Expires=604800"} [2025-12-10 09:46:42.414] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:42.414] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:42.414] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:42.414] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:42.414] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:42.415] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:42.426] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726018396.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331202415, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:42.426] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 
[2025-12-10 09:46:42.426] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:45.516] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25550 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1ce51ee4a087957fddc7dbd5e255b95496dc48c8512b2caadb2fbfc1b295a6d5&X-Amz-Date=20251210T014645Z&X-Amz-Expires=604800"} [2025-12-10 09:46:45.516] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:45.516] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:45.516] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:45.516] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:45.516] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:45.517] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:45.528] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726041711.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331205517, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:45.528] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:46:45.528] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:48.618] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25214 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=1e0cdd74eff01bb7ce389d4f9ca4d8fdefbdce6539a7239f768b7df16c14715a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014648Z"} [2025-12-10 09:46:48.618] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:48.618] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:48.618] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:48.618] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:48.618] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:48.619] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:48.630] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_fe80--59b3-66e0-f7a8-70f8_5353_ff02--fb_5353.1726042677.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331208619, "module": "anquanchu", 
"proto": "other", "alerted": false, "details": []} [2025-12-10 09:46:48.630] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:46:48.630] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:51.719] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24449 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl?X-Amz-Date=20251210T014651Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=e70cca1dad177b87a102a174af7682610d87a2170291f6403b1db96a35f493cc"} [2025-12-10 09:46:51.719] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:51.719] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:51.719] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:51.719] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:51.719] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:51.720] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:51.956] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54661_192-168-112-135_8080.1726627004.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331211720, "module": 
"anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54661, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:51.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:51.956] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:51.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:51.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:46:54.821] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24450 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=022472f563166fe7ffc522b5044697524207f50548dabfab23511ee0933b7407&X-Amz-Date=20251210T014654Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:46:54.821] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:54.821] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:54.821] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:54.821] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:54.821] [INFO] [tid:134145839584960] 
(AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:54.822] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:55.011] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54662_192-168-112-135_8080.1726627010.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331214822, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54662, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:55.011] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:55.011] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:55.011] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:55.011] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:46:57.923] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24451 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b2ba8290983b94576f78e6548159c950a5caa71a9b6afb4f7760b164c90c2e60&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014657Z"} [2025-12-10 09:46:57.923] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:46:57.923] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:46:57.924] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:46:57.924] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:46:57.924] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:46:57.924] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:46:58.114] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_http.pcap.TCP_192-168-112-1_54665_192-168-112-135_8080.1726627022.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331217924, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54665, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:46:58.114] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:46:58.114] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:46:58.114] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:46:58.114] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:47:01.025] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25551 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl?X-Amz-Signature=baf18c6bc45b433853409742ec982794bbd02610ffb96f4c58aa354ce81c2320&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014700Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:47:01.025] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:01.025] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:01.026] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:01.026] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:01.026] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:01.026] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:01.032] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018275.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331221026, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:01.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:47:01.032] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:04.126] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25552 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl?X-Amz-Signature=26a1b560ef7294a4803d7f9e14350e1c738b14ed6e88690dfaa34813a4b32db7&X-Amz-Date=20251210T014703Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:47:04.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:04.126] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:04.127] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:04.127] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:04.127] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:04.128] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:04.139] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726018396.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331224128, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:04.139] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:47:04.139] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:07.228] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25553 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=296fca36285db77d777b0f644f382f54dc73339e0a6cc2760e67d2a085045a28&X-Amz-Date=20251210T014706Z&X-Amz-Expires=604800"} [2025-12-10 09:47:07.229] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:07.229] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:07.229] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:07.229] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:07.229] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:07.230] [INFO] [tid:134145839584960] (AiModule.cpp:158) 
load result:0 [2025-12-10 09:47:07.241] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726041711.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331227230, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:07.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:47:07.241] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:10.331] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24452 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f93d4f8345912429cb109ed1792ef5c79b6c2975adb188adee15bff9f123c5ae&X-Amz-Expires=604800&X-Amz-Date=20251210T014709Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:47:10.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:10.331] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:10.331] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:10.331] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:10.331] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 
09:47:10.332] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:10.343] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.UDP_192-168-52-1_5353_224-0-0-251_5353.1726042677.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765331230332, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:10.343] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:47:10.343] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:13.432] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25554 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl?X-Amz-Signature=341e48765fecf45ea2fedb5f78870a4fbf5e77ffbf2c4e7235b6db4e97e49d7b&X-Amz-Date=20251210T014712Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:47:13.432] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:13.432] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:13.433] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:13.433] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:13.433] [INFO] [tid:134145839584960] (AiModule.cpp:148) 
prepare args for function load [2025-12-10 09:47:13.434] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:13.669] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_50834_192-168-0-202_20012.1726715829.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331233434, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:13.669] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:47:13.669] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:16.535] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24453 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014716Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1f1911ca840b0633681d10a9b159356e0eecfc123f2302dc490720da4a842b3b"} [2025-12-10 09:47:16.535] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:16.535] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:16.536] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:16.536] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:16.536] [INFO] [tid:134145839584960] 
(AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:16.536] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:16.727] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52976_192-168-32-40_443.1726127486.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331236536, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52976, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999977767188404, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:16.727] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:16.727] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:16.727] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:16.727] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:47:19.638] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25215 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl?X-Amz-Date=20251210T014719Z&X-Amz-SignedHeaders=host&X-Amz-Signature=1ae7eccae4c0ba018567bf54dd85038b63018dfac5e940eef653e99485e47dd0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:47:19.639] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:19.639] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:19.639] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:19.639] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:19.639] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:19.639] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:19.842] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52812_192-168-32-40_443.1726127476.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331239639, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52812, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9966471353749916, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:47:19.842] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:19.842] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:19.842] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:19.842] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:47:22.741] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25555 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl?X-Amz-Date=20251210T014722Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=3de10576540a6abe82753bb6f45471cfa251f2359ebcec776daad7ce3cd1ee73"} [2025-12-10 09:47:22.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:22.741] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:22.741] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:22.742] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:22.742] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:22.742] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:22.934] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52813_192-168-32-40_443.1726127477.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331242742, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52813, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999930148179449, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:22.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:22.934] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:22.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:22.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:47:25.844] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25556 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014725Z&X-Amz-Expires=604800&X-Amz-Signature=c0a258290a5c47c45c0b446c52e38949af20768cb67eb4da3a944ac0d8ca9c55&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:25.844] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:25.844] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:25.844] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:25.844] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:25.844] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:25.845] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:26.044] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48270.1726130582.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331245845, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:47:26.044] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:47:26.044] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:28.947] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24454 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl?X-Amz-Signature=c556b33cb67a0e33682414d48fd4271caeeb858fbd4d1eef518201e56b687b98&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014728Z"} [2025-12-10 09:47:28.947] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:28.947] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:28.947] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:28.947] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:28.947] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:28.948] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:29.158] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52966_192-168-32-40_443.1726127478.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331248948, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52966, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999700077034432, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:29.158] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:29.158] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:29.158] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:29.158] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:47:32.050] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25557 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014731Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9e256dd59518353f43e914d0ab3fea8fa5c13f94f8d952b7353b54cc25b171ff"} [2025-12-10 09:47:32.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:32.050] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:32.050] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:32.050] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:32.050] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:32.050] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:32.292] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53648_192-168-112-135_443.1726625102.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331252051, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53648, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999637603669073, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:32.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:32.292] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:32.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:32.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:47:35.152] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25558 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=5d3dec1379f47c86454c78c9bc01e0a4a94782ab783c4969be6deb4a39035771&X-Amz-Date=20251210T014734Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:47:35.152] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:35.152] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:35.153] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:35.153] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:35.153] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:35.153] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:35.346] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52645_192-168-32-40_443.1726127466.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331255153, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52645, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999476350190861, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:47:35.346] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:35.346] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:35.346] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:35.346] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:47:38.254] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24455 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7bf4484fd2e492dc6e288fadc69f11be4af738715375eea9c94988ed24413c28&X-Amz-Expires=604800&X-Amz-Date=20251210T014737Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:38.254] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:38.254] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:38.255] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:38.255] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:38.255] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:38.255] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:38.410] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52798_192-168-32-40_443.1726127473.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331258255, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52798, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999984414189609, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:38.410] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:38.410] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:38.410] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:38.410] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:47:41.356] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24456 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014740Z&X-Amz-Expires=604800&X-Amz-Signature=7260ec0273aad10808ef9ad15fbe08530cdd81da780a7bfd63f146ed6b9af387&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:41.356] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:41.356] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:41.356] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:41.356] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:41.356] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:41.357] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:41.566] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53137_192-168-32-40_443.1726127492.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331261357, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 53137, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999524064721669, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:47:41.566] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:41.566] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:41.566] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:41.566] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:47:44.459] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25559 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014743Z&X-Amz-SignedHeaders=host&X-Amz-Signature=ce112eea018726b82704bcf70951a11686f49fc7f815c9fea8ae7300b94c4c8c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:47:44.460] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:44.460] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:44.460] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:44.460] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:44.460] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:44.460] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:44.651] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64742_192-168-112-135_8443.1726219077.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331264460, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64742, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.998189764443165, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:44.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:44.651] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:44.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:44.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:47:47.562] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25216 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014747Z&X-Amz-Expires=604800&X-Amz-Signature=cda6f0d1a71409fd99aac8ce94197a4c8dbec30162a922b73717b449cde4ba01&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:47.562] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:47.562] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:47.562] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:47.562] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:47.562] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:47.562] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:47.766] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54855_192-168-112-135_8443.1726627278.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331267562, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54855, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9979254684619023, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:47.766] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:47.766] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:47.766] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:47.766] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:47:50.664] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25217 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl?X-Amz-Signature=7de25aee43203672f393e3b6fbf0e2e69643d2532c8d4a7b20d7d2a77b9d519a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014750Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:47:50.664] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:50.664] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:50.664] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:50.664] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:50.664] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:50.665] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:50.874] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51868.1726816620.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331270665, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51868, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.67716028710914, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:50.874] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:50.874] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:50.874] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:50.874] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:47:53.766] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25560 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl?X-Amz-Signature=fd63f3f77f1ff2745ed62f24bba89495c8bff75e3f75e0dd9dcef80a48a719a9&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014753Z"} [2025-12-10 09:47:53.766] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:53.766] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:53.766] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:53.767] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:53.767] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:53.767] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:53.970] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51112.1726795503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331273767, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51112, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5651993738764558, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:47:53.970] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:53.970] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:53.970] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:53.970] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:47:56.869] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25561 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014756Z&X-Amz-Signature=93df431c0747d16c92308b88179fb5cc8f996cec0a8103e58338d09012b2929f"} [2025-12-10 09:47:56.869] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:56.869] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:56.869] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:56.869] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:56.869] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:56.870] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:47:57.066] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51768.1726813717.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331276870, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51768, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.914844091541431, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:47:57.066] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:47:57.066] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:47:57.066] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:47:57.066] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:47:59.970] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25562 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014759Z&X-Amz-Signature=8a5746982bf78e5c5f2b68be9256c3b44c5196dca42888c8581402bf267fb207"} [2025-12-10 09:47:59.970] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:47:59.970] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:47:59.970] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:47:59.971] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:47:59.971] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:47:59.971] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:00.165] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51222.1726799587.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331279972, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51222, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8209179403780051, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:00.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:00.165] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:00.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:00.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:03.073] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25218 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014802Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=46671da14e5e1b7def0c2c41bf240be7b6227990874584e1de7508813ffffc5d"} [2025-12-10 09:48:03.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:03.073] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:03.073] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:03.073] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:03.073] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:03.074] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:03.292] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54858_192-168-112-135_8443.1726627285.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331283074, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54858, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9974635576044806, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:03.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:03.292] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:03.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:03.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:06.175] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25563 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=781968dcf03e35ab3645082b5c5c81b914f767845cc5bbff4c911e5d3cb4ab10&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014805Z"} [2025-12-10 09:48:06.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:06.176] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:06.176] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:06.176] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:06.176] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:06.176] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:06.369] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51156.1726796707.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331286176, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51156, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7904833379047614, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:48:06.369] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:06.369] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:06.369] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:06.369] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:09.278] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25219 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl?X-Amz-Signature=2144fd3c2460a807892ff2b0077c1925a56e20d8a34df47ab1c8a07340926927&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014808Z"} [2025-12-10 09:48:09.278] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:09.278] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:09.278] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:09.278] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:09.278] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:09.279] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:09.495] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51911.1726817777.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331289280, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9902476607497825, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:09.495] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:09.495] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:09.495] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:09.495] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:12.383] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24457 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a95240a3d4532419f0432b68f3835c5e0fcada71f1b03ba79705a8d1aae4d57f&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014811Z"} [2025-12-10 09:48:12.383] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:12.383] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:12.383] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:12.383] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:12.383] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:12.384] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:12.577] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51814.1726814967.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331292384, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51814, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.6439827887800125, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:12.577] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:12.577] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:12.577] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:12.577] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:15.487] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24458 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl?X-Amz-Signature=a79415b1647131d1ea3a3adb0a98ae38f718867cf9485ec8e4b4836fa1908bf9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014815Z&X-Amz-Expires=604800"} [2025-12-10 09:48:15.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:15.487] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:15.487] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:15.487] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:15.487] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:15.487] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:15.678] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51274.1726800903.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331295488, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51274, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9971468104648852, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:15.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:15.678] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:15.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:15.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:18.588] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24459 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=514902215fc0ab6d7750698a6164e85507f5cfeb0ca72705512ed22dac69cdb6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014818Z&X-Amz-Expires=604800"} [2025-12-10 09:48:18.589] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:18.589] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:18.589] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:18.589] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:18.589] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:18.589] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:18.788] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58083_192-168-32-40_80.1726196742.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331298589, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 58083, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:48:18.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:18.788] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:18.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:18.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:21.691] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25220 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=cb924fb5c116bfdd4a5b12f6da778b3b41afa1d44ffc771707a7ca0ef8594f54&X-Amz-Date=20251210T014821Z&X-Amz-Expires=604800"} [2025-12-10 09:48:21.691] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:21.691] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:21.691] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:21.691] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:21.691] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:21.692] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:21.889] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50445.1727159624.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331301692, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50445, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9967850187757732, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:48:21.889] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:21.889] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:21.889] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:21.889] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:24.794] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24460 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl?X-Amz-Date=20251210T014824Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=688bdfdf84e7d033afa7b99a1b08e19ce1e6eee4fa1bd0dfe625ad17cc23f8ea&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:48:24.794] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:24.794] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:24.795] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:24.795] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:24.795] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:24.796] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:25.005] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64741_192-168-112-135_8443.1726219075.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331304796, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64741, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9944981810014691, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:25.005] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:25.005] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:25.005] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:25.005] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:27.896] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25564 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014827Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a118699c1da172874ecbc72eb6302803ad20b0a2142e61709975b38997dc2397"} [2025-12-10 09:48:27.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:27.896] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:27.897] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:27.897] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:27.897] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:27.897] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:28.095] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64743_192-168-112-135_8443.1726219078.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331307897, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64743, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9885886646187916, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:28.095] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:28.095] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:28.095] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:28.095] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:30.998] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25221 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=56eacb1f35d7fd44584cce715403b29d6462150b2444f967d2597e6d0d27aade&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014830Z"} [2025-12-10 09:48:30.999] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:30.999] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:30.999] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:30.999] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:30.999] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:30.999] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:31.200] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64745_192-168-112-135_8443.1726219080.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331310999, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64745, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9936517302580103, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:31.200] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:31.200] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:31.200] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:31.200] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:34.099] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25222 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl?X-Amz-Date=20251210T014833Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=3768629b935274a6fdacebff482181a66bdd86f44d1cb17d7cf98241f5126655&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:48:34.099] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:34.099] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:34.099] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:34.099] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:34.100] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:34.100] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:34.299] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42213_192-168-163-23_80.1726208596.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331314101, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42213, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:34.299] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:34.299] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:34.299] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:34.299] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:37.202] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25223 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=52af1b1f3055925678a6a743d3fa7155dfaa17fc1011b51b4a65f4799856ca93&X-Amz-Date=20251210T014836Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:48:37.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:37.202] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:37.202] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:37.202] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:37.202] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:37.203] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:37.429] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64739_192-168-112-135_8443.1726219071.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331317203, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64739, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9977405261107022, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:37.429] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:37.429] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:37.429] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:37.429] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:40.302] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25565 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl?X-Amz-Date=20251210T014839Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=52d11a357b1bcfd6ab2c70b29129d59662660a141b996f8be5405d86c3495a34&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:48:40.302] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:40.302] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:40.303] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:40.303] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:40.303] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:40.303] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:40.492] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42204_192-168-163-23_80.1726208554.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331320303, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42204, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:40.492] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:40.492] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:40.492] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:40.492] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:43.405] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25224 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014842Z&X-Amz-Expires=604800&X-Amz-Signature=69953cb924eefe14eb951fe96ad085a2e4f4aa80afab987262caab8108e557ae&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:48:43.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:43.405] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:43.405] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:43.405] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:43.405] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:43.406] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:43.613] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54850_192-168-112-135_8443.1726627273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331323406, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54850, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9960139199578331, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:43.613] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:43.613] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:43.613] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:43.613] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:46.507] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25566 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl?X-Amz-Signature=44b3df9520771fb3c4f06498cf2d366f7d72e0765a2a3cae18d447ed7ccf3d49&X-Amz-Date=20251210T014845Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:48:46.507] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:46.507] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:46.507] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:46.507] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:46.507] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:46.507] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:46.703] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42226_192-168-163-23_80.1726208633.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331326507, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42226, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:46.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:46.704] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:46.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:46.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:49.608] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25225 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b506529f1c4626c348c501573a2c2153bf1126c7410781025ff891744e981c32&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014849Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:48:49.608] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:49.608] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:49.609] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:49.609] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:49.609] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:49.610] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:49.802] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42016_192-168-163-23_80.1726207543.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331329610, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42016, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:49.802] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:49.802] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:49.802] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:49.802] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:52.711] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24461 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T014852Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b53bb7c1a030256ce05035300cd25a942244f329d106d72a25f7751b6ab571ae&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:48:52.711] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:52.711] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:52.711] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:52.711] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:52.711] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:52.712] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:52.905] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42214_192-168-163-23_80.1726208605.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331332713, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42214, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:52.905] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:52.905] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:52.905] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:52.905] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:48:55.811] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25567 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014855Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=31cc5cf26c5e98c0cad1735a6c6fe25593dde2f2539cfd7761f8421f60e2eaab&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:48:55.811] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:55.811] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:55.811] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:55.812] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:55.812] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:55.812] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:56.010] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42219_192-168-163-23_80.1726208620.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331335812, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42219, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:56.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:56.010] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:56.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:56.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:48:58.914] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25568 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl?X-Amz-Signature=a4d8700fbc7e1c7bd301c1b672a3881ca94751364660cbf0e801b8bc8ceb661c&X-Amz-Date=20251210T014858Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:48:58.914] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:48:58.914] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:48:58.915] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:48:58.915] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:48:58.915] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:48:58.915] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:48:59.110] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54856_192-168-112-135_8443.1726627280.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331338915, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54856, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.997457094242526, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:48:59.110] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:48:59.110] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:48:59.110] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:48:59.110] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:02.016] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25569 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ecfab00132e5b98481fdfc6fff1e5d275d0aab2d4e929def4b275ad86226436b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014901Z"} [2025-12-10 09:49:02.017] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:02.017] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:02.017] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:02.017] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:02.017] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:02.017] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:02.205] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64740_192-168-112-135_8443.1726219074.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331342018, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64740, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9988654665344077, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:02.205] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:02.205] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:02.205] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:02.205] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:05.118] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25226 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014904Z&X-Amz-SignedHeaders=host&X-Amz-Signature=1c122465fae50030234cff1e032b114625dcb68e4ea433f6413e704edcc5acba"} [2025-12-10 09:49:05.118] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:05.118] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:05.118] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:05.118] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:05.118] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:05.118] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:05.311] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41983_192-168-163-23_80.1726207404.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331345119, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41983, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:05.311] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:05.311] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:05.311] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:05.311] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:08.219] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25570 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=f79e361344075cb9550d30a2b2f969fe2324e5fdfb026b2d7cbe803f6104df21&X-Amz-Date=20251210T014907Z"} [2025-12-10 09:49:08.219] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:08.219] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:08.219] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:08.219] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:08.219] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:08.220] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:08.438] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42209_192-168-163-23_80.1726208573.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331348220, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42209, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:08.438] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:08.438] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:08.438] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:08.438] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:11.322] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25227 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=de0f7992cb89cacb070d51d2a32f542986abd30bdef85109d25cde328d94342c&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014910Z"} [2025-12-10 09:49:11.322] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:11.322] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:11.323] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:11.323] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:11.323] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:11.323] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:11.514] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54851_192-168-112-135_8443.1726627275.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331351323, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54851, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9980349733615045, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:11.514] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:11.514] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:11.514] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:11.514] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:14.424] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25228 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014913Z&X-Amz-SignedHeaders=host&X-Amz-Signature=600e230392dd04e02396ca7a3f782f457b1944324613d93fded94dd30845d888&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:49:14.424] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:14.424] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:14.424] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:14.424] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:14.424] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:14.425] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:14.596] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51907.1726817685.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331354425, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51907, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7498671072453136, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:49:14.596] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:14.596] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:14.596] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:14.596] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:17.526] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25571 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7468c874e7b239c5e2fa6c302e60d2f1bdb627e073ac9ed581b0baee1146b0d9&X-Amz-Date=20251210T014917Z"} [2025-12-10 09:49:17.526] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:17.526] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:17.526] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:17.526] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:17.526] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:17.527] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:17.702] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51910.1726817761.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331357527, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51910, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9176733408604053, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:17.702] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:17.702] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:17.702] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:17.702] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:20.628] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25572 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl?X-Amz-Signature=d1bd429c1de605166815a20d66053970c5db7afd1f4174de25ed17abcc3d7ec1&X-Amz-Expires=604800&X-Amz-Date=20251210T014920Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:49:20.628] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:20.628] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:20.628] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:20.628] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:20.628] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:20.629] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:20.798] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51913.1726817837.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331360630, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51913, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7804626368341007, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:49:20.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:20.798] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:20.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:20.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:23.731] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25229 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014923Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=80ef991f0348538b19f035f2cf19a4e52878f4959aec6a3fbdee13a3bb038437&X-Amz-SignedHeaders=host"} [2025-12-10 09:49:23.731] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:23.731] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:23.731] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:23.731] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:23.731] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:23.731] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:23.896] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51152.1726796616.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331363732, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51152, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9564240808157058, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:23.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:23.896] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:23.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:23.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:26.833] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25573 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014926Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c954ac1c352eb3cbbf6d48be0299e81ab792a6e8ad829181902eba6d0391a78b&X-Amz-Expires=604800"} [2025-12-10 09:49:26.833] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:26.833] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:26.833] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:26.833] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:26.833] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:26.834] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:27.029] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51155.1726796691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331366834, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51155, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6404692550467705, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:49:27.029] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:27.029] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:27.029] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:27.029] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:29.936] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25574 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T014929Z&X-Amz-Signature=ecf58f72dbdf2a6aa1c7540ff25affca46cd4b13c02c7ee60cc6a47f09f7d784&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:49:29.936] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:29.936] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:29.936] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:29.936] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:29.936] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:29.936] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:30.128] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51158.1726796767.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331369937, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51158, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8248391299231592, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:49:30.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:30.128] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:30.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:30.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:33.038] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25230 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a109e92a72c6a01a7835d7d5cbde8e087b38264516b687743bbf1fb84129122c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014932Z"} [2025-12-10 09:49:33.038] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:33.038] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:33.038] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:33.038] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:33.038] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:33.038] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:33.230] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54848_192-168-112-135_8443.1726627269.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331373038, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54848, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9963970464067194, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:33.230] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:33.230] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:33.230] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:33.230] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:36.139] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24462 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014935Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=7695fb6b1f9dc889dff207d7e8489cb32f6c6297d00f028c9b56faaf04b87a97&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:49:36.139] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:36.139] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:36.139] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:36.139] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:36.139] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:36.139] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:36.330] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42018_192-168-163-23_80.1726207584.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331376139, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42018, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:36.330] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:36.330] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:36.330] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:36.330] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:39.242] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25231 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=6744d21f01a70e5d7cdcbb2f60608bf6150bf03e8e388548446d3aafac85d0e2&X-Amz-Date=20251210T014938Z"} [2025-12-10 09:49:39.242] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:39.242] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:39.242] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:39.242] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:39.242] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:39.243] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:39.436] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54857_192-168-112-135_8443.1726627282.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331379243, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54857, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999970659245342, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:39.436] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:39.436] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:39.436] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:39.436] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:42.344] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24463 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl?X-Amz-Expires=604800&X-Amz-Signature=dc561ee1c16bf608b5979c31059eaf50d188513c31445afed5e6d92bfcc038cc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014941Z"} [2025-12-10 09:49:42.344] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:42.344] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:42.344] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:42.344] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:42.344] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:42.345] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:42.567] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57835_192-168-32-40_80.1726196728.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331382345, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 57835, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:42.567] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:42.567] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:42.567] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:42.567] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:45.445] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25575 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl?X-Amz-Signature=f2e787addfcac8ed27ceaad8708c654d26d9ea8a1f3b352af216cec73ce0e8d1&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T014944Z"} [2025-12-10 09:49:45.445] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:45.445] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:45.445] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:45.446] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:45.446] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:45.446] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:45.637] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51810.1726814875.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331385446, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51810, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8549264185255389, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:49:45.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:45.637] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:45.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:45.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:48.548] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25232 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T014948Z&X-Amz-SignedHeaders=host&X-Amz-Signature=450ab7500265dfd6f29771f45c01926a911db9faf9dd3ed02216b0e49c6ae5bc&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:49:48.548] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:48.548] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:48.548] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:48.549] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:48.549] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:48.550] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:48.742] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51813.1726814951.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331388550, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51813, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9169213898566784, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:49:48.742] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:48.742] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:48.742] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:48.742] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:51.651] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25233 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl?X-Amz-Date=20251210T014951Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=5911f94b13f831e9a74bd5205b911f6a8b701704d638d7ec314eb1e850c9840f&X-Amz-Expires=604800"} [2025-12-10 09:49:51.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:51.651] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:51.652] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:51.652] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:51.652] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:51.653] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:51.844] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51816.1726815027.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331391653, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51816, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7784450465277769, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:49:51.844] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:51.844] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:51.844] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:51.844] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:49:54.755] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25234 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl?X-Amz-Expires=604800&X-Amz-Signature=826af5ed1c821dcf0975f2a673d74b95131395c94099543ed9d0d8b664a129b4&X-Amz-Date=20251210T014954Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:49:54.755] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:54.755] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:54.755] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:54.756] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:54.756] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:54.757] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:54.948] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51270.1726800812.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331394757, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51270, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8989305967628844, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:49:54.948] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:54.948] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:54.948] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:54.948] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:49:57.859] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25576 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl?X-Amz-Expires=604800&X-Amz-Signature=9c3af84c490e303d78a76a2fa97f789a1666b36a5860e07f8e6c44c6d29ccc4f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T014957Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:49:57.859] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:49:57.859] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:49:57.860] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:49:57.860] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:49:57.860] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:49:57.860] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:49:58.059] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51273.1726800888.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331397860, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51273, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8840743179035093, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:49:58.059] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:49:58.059] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:49:58.059] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:49:58.059] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:00.961] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25235 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl?X-Amz-Date=20251210T015000Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=50507faeb3474591ca8fd1d9992ae47bdbfff6763b232ec27cb7826c1369cf43&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:50:00.961] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:00.961] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:00.962] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:00.962] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:00.962] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:00.962] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:01.172] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51276.1726800964.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331400962, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51276, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.6494420354275284, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:01.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:01.172] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:01.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:01.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:04.064] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24464 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015003Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7e5e509a0ca8ec5b4fb7a784753b6d8cc90f7bd75d1df476cdaad1afae82beab"} [2025-12-10 09:50:04.064] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:04.064] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:04.064] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:04.064] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:04.064] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:04.065] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:04.262] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42017_192-168-163-23_80.1726207569.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331404065, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42017, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:50:04.262] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:04.262] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:04.262] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:04.262] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:07.166] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24465 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015006Z&X-Amz-Signature=dad346cf17d1b12c81fe96dd1ec466608131bb410880068ce87355818be26ce2&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:50:07.166] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:07.166] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:07.166] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:07.166] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:07.166] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:07.167] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:07.358] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51904.1726817609.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331407167, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51904, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9077258172569825, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:50:07.358] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:07.358] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:07.358] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:07.358] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:10.268] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24466 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015009Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=fba472c6d3b22cb32c1f76cca4fcc52e11d2b3956d5ec820f9fe6c0971a2e132&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:50:10.268] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:10.268] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:10.269] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:10.269] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:10.269] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:10.269] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:10.467] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51149.1726796540.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331410269, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51149, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7930476786332924, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:10.467] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:10.467] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:10.467] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:10.467] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:13.370] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25577 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4b280994378f874c7026fd34463f0f791fdb1a6f06095e84bd23806d1d4fbd16&X-Amz-Expires=604800&X-Amz-Date=20251210T015012Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:50:13.370] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:13.370] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:13.370] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:13.370] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:13.370] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:13.371] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:13.580] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51867.1726816604.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331413371, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51867, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8704952835928917, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:50:13.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:13.580] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:13.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:13.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:16.472] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25236 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl?X-Amz-Expires=604800&X-Amz-Signature=9a2a0fa384d79cf5d6fac547e854a40a859ceee8395a6f8eec006744367fb8b3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015015Z"} [2025-12-10 09:50:16.472] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:16.472] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:16.472] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:16.472] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:16.472] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:16.473] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:16.661] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51870.1726816680.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331416474, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51870, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9153528874092203, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:16.661] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:16.661] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:16.661] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:16.661] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:19.576] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24467 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f388e06d031d32a21394509e9ddd9b2d5cc4c1eff5e3eb49096cbd42702d4e59&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015019Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:50:19.576] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:19.576] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:19.576] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:19.576] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:19.576] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:19.577] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:19.798] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51111.1726795487.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331419577, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51111, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.916775698659375, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:19.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:19.798] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:19.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:19.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:22.678] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25578 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015022Z&X-Amz-Signature=a1d4fdc1941340fd7c7619a1b171e028a80466815f46b920b85747cf90c4c41a"} [2025-12-10 09:50:22.679] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:22.679] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:22.679] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:22.679] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:22.679] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:22.679] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:22.869] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51114.1726795563.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331422679, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51114, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9777326623147766, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:22.869] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:22.869] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:22.869] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:22.869] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:25.781] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25579 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015025Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a84f23d0e555893c9854f13532c03a94f50642bdb78929374f61cbe197266b79&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:50:25.781] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:25.781] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:25.781] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:25.781] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:25.781] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:25.782] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:25.986] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID87_antsword_2.1.0_jsp_https.pcap.TCP_192-168-112-1_54849_192-168-112-135_8443.1726627273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331425782, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54849, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9986786416097165, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:50:25.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:25.986] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:25.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:25.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:28.883] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25580 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=68a6e146e3788d6473ac546dc0b14e120eefac9b77010f773d804e9c54f81145&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015028Z"} [2025-12-10 09:50:28.883] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:28.883] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:28.883] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:28.883] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:28.883] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:28.884] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:29.074] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42003_192-168-163-23_80.1726207471.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331428884, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42003, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:50:29.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:29.074] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:29.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:29.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:31.986] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24468 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=aedf4902e1fc3c2b0cadebbb882f77a08c57de3b5e81f0b6b83688b77dbca936&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015031Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:50:31.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:31.986] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:31.986] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:31.986] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:31.986] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:31.987] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:32.211] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51807.1726814799.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331431987, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51807, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8944676465086725, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:32.211] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:32.211] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:32.211] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:32.211] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:35.090] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25581 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl?X-Amz-Date=20251210T015034Z&X-Amz-Signature=38772eb51da06610cf08001dfce8566710ace9b2603ecb6593d054a06bd76e06&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:50:35.090] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:35.090] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:35.090] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:35.090] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:35.090] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:35.091] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:35.287] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51267.1726800736.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331435091, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51267, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9520112014972585, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:50:35.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:35.287] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:35.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:35.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:38.193] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24469 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015037Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=05883ad321174ec7655b4d10794569deb80b8297cf0e01b5fcfdd71a25f977b0"} [2025-12-10 09:50:38.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:38.193] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:38.193] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:38.193] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:38.193] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:38.194] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:38.394] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51767.1726813702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331438194, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51767, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9438503413518589, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:50:38.394] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:38.394] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:38.394] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:38.394] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:41.295] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24470 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=4997abaa50604407038eb2342a213be6617bbddf912ea62b01311e23bc3a10b9&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015040Z"} [2025-12-10 09:50:41.295] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:41.295] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:41.295] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:41.295] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:41.295] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:41.296] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:41.488] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51770.1726813778.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331441296, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51770, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7144807820989244, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:41.488] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:41.488] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:41.488] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:41.488] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:44.398] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25582 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=85247dc1168d4b13b8d0de37e130ebf0ac96c515378c9030b2e7f09744bc1904&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015043Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:50:44.398] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:44.398] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:44.398] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:44.398] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:44.398] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:44.398] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:44.591] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51864.1726816528.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331444398, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51864, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9406154167358071, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:44.591] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:44.591] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:44.591] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:44.591] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:47.503] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25237 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T015047Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fb2b2a975a02857fa5637cb682c3a2dad78da7d17d15fb81bd07eb23dd0c6f80&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:50:47.503] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:47.503] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:47.503] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:47.503] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:47.503] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:47.504] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:47.696] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51221.1726799571.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331447504, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51221, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.9473445349389896, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:47.696] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:47.696] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:47.696] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:47.696] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:50.605] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24471 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=189791b4a02b7745f6db130d4d8e4e4a512c39b8cc515235d271cc2c4c6fd745&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015050Z"} [2025-12-10 09:50:50.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:50.605] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:50.605] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:50.605] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:50.605] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:50.605] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:50.798] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51224.1726799647.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331450605, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51224, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8517472665546844, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:50.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:50.798] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:50.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:50.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:53.708] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24472 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl?X-Amz-Signature=ff3154f8be458e6ed6608d10b9e8a553ec62e18a43275b4caaf45935cc35edc1&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015053Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:50:53.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:53.708] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:53.708] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:53.708] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:53.708] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:53.709] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:53.949] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51108.1726795411.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331453709, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51108, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8392515804044033, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:53.949] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:53.949] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:53.949] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:53.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:50:56.811] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24473 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl?X-Amz-Expires=604800&X-Amz-Signature=3f3d741abe6b3383dd7f485469980df6307da26c07b0017dd04d7ff803021f1b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015056Z"} [2025-12-10 09:50:56.811] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:56.811] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:56.811] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:56.811] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:56.811] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:56.812] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:50:56.986] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51764.1726813626.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331456812, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51764, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.9325163085458639, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:50:56.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:50:56.986] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:50:56.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:50:56.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:50:59.913] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25238 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015059Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b9aad701cdd30e005f42b221ae183e65f4efbfd2e4cdb9757d6e46d56b61a5c4&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:50:59.913] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:50:59.913] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:50:59.913] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:50:59.913] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:50:59.913] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:50:59.914] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:00.073] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51218.1726799495.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331459914, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51218, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8795958530980557, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:51:00.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:00.073] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:00.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:00.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:03.015] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24474 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bfb5abbfad283c3a9ab3d37defdfeefb5c6d2f6c86a8efdffcf27d5298631a2e&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015102Z"} [2025-12-10 09:51:03.015] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:03.015] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:03.015] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:03.015] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:03.015] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:03.016] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:03.224] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41737_192-168-163-23_80.1726206235.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331463016, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41737, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:03.224] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:03.224] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:03.224] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:03.224] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:06.118] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25583 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl?X-Amz-Date=20251210T015105Z&X-Amz-Signature=9d8d6f1fac0fb32ea272fddca383bd0bd8413029df4add081e7616c4aabb4d9a&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:51:06.118] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:06.118] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:06.118] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:06.118] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:06.118] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:06.119] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:06.310] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51905.1726817625.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331466119, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51905, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5694710971835998, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:06.310] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:06.310] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:06.310] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:06.310] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:09.329] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24475 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl?X-Amz-Date=20251210T015108Z&X-Amz-Signature=e1f644509a906282eb830371d039de5e64b4244ddbfd41e1ec2c5f67c493bea4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:51:09.329] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:09.329] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:09.329] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:09.329] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:09.329] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:09.330] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:09.641] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID1-4-tls1.3CS4.8_win11_kali_jdk_Domain.1730649909.jsonl|result:{"code": 1, "total_count": 41, 
"alert_count": 41, "abnormal_count": 41, "normal_count": 0, "timestamp": 1765331469330, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50245, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9427754789437156, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50240, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7460143940541006, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50217, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.88665995273261, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50228, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9445251007111932, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50216, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9529364841515092, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50163, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7744956526775698, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50197, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7250233473155627, "2_count": 41, "2_sum": 41, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50200, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8191924005399444, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50157, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9837401038245965, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50154, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7797925580095155, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50211, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9561577769728932, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50224, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9793428598248682, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50226, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9520510033703173, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50196, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7883378959479387, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50219, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7879526134578518, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50141, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8016950731797269, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50205, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9496310163545119, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50233, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8631985948647156, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50159, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8726905352520049, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50235, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6979659612052407, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50237, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9020023494106068, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 
50239, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.4989886824170198, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50246, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7764631473253198, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50218, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9330502862781783, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50142, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9140612352387926, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50150, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5698351730075547, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50195, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.859611378054762, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50243, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7194031857892819, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50158, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8792161049301855, 
"2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50198, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7526817551597956, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50210, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9314252350421861, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50155, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8746111362024195, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50201, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8499495087940803, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50247, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8137767840729934, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50207, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8075997965196723, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50160, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.527074227206573, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50202, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6952493554840984, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50209, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7580829892252735, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50161, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8110834434666421, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50208, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9492184772662211, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50231, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5141997400951804, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:09.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 41|max_alert: 1000 [2025-12-10 09:51:09.641] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:09.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:09.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:12.432] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24476 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl?X-Amz-Signature=74bd479f3c23a4256d4c1de353d045d5b1872e372cfbc0de51317dd4b3e5217f&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015111Z"} [2025-12-10 09:51:12.432] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:12.433] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:12.433] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:12.433] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:12.433] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:12.433] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:12.631] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51150.1726796555.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331472433, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51150, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.683703974792815, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:12.631] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:12.631] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:12.631] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:12.631] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:15.534] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24477 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl?X-Amz-Date=20251210T015115Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=55141f9e5adb28f11f38ea5c0acb88c18d3ab8f813b2670bfe3eb3061e6b4e79"} [2025-12-10 09:51:15.534] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:15.534] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:15.534] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:15.535] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:15.535] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:15.535] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:15.728] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51808.1726814815.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331475535, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51808, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8541901061252963, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:51:15.728] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:15.728] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:15.728] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:15.728] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:18.637] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25584 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=5cae31520a1680223c7ec22c155c2b51d326670c15f038e52f226191984fc7e0&X-Amz-Date=20251210T015118Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:51:18.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:18.637] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:18.638] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:18.638] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:18.638] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:18.638] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:18.830] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51268.1726800751.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331478638, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51268, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.5903049085195861, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:18.830] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:18.830] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:18.830] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:18.830] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:21.739] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25585 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=0d9260c5b06237513545ddecf7a719c46ec352013bbd689dc2a0d88ccbff4bbc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015121Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:51:21.739] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:21.739] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:21.739] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:21.739] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:21.739] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:21.740] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:21.950] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55484_192-168-112-135_80.1727254857.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331481740, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55484, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:21.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:21.950] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:21.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:21.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:24.841] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25239 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015124Z&X-Amz-Signature=19d081473afbf1085dda1b7acd86346ca4068b33b998d578c1447ddc327a3a91"} [2025-12-10 09:51:24.841] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:24.841] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:24.842] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:24.842] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:24.842] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:24.842] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:25.063] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID88_antsword_2.1.8.1_jsp_https.pcap.TCP_192-168-112-1_64738_192-168-112-135_8443.1726219066.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331484842, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 64738, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9966612369206724, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:25.063] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:25.063] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:25.063] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:25.063] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:27.944] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25586 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=0a00e4c67c3c1245cf854b389a8ef7009d512ee944d75474e4990a25fabe51ca&X-Amz-Date=20251210T015127Z"} [2025-12-10 09:51:27.944] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:27.944] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:27.944] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:27.944] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:27.944] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:27.945] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:28.144] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51147.1726796464.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331487945, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51147, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.5574287788486448, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:51:28.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:28.144] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:28.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:28.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:31.048] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25240 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl?X-Amz-Date=20251210T015130Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=09b3dcad8825b15ee6ab1efd5e63805d690de7a736eec92fdb2652b6deb2d77e&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:51:31.048] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:31.048] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:31.048] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:31.048] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:31.048] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:31.049] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:31.244] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51908.1726817701.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331491049, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51908, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9837638142753491, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:31.244] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:31.244] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:31.244] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:31.244] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:34.149] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25587 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015133Z&X-Amz-Signature=febfc4a3b7370073a28892fcecc98e386d5f5c1b07c93ce72bae12c6dbd6fdb3"} [2025-12-10 09:51:34.149] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:34.149] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:34.150] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:34.150] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:34.150] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:34.150] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:34.346] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51914.1726817852.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331494150, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51914, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5219725503828033, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:34.346] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:34.346] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:34.346] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:34.346] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:37.252] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25241 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl?X-Amz-Signature=1410326fd22adc796a4bdea3b689138d7014ca6d9f46653ffc6b882152c308e9&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015136Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:51:37.252] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:37.252] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:37.252] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:37.252] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:37.252] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:37.253] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:37.444] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51153.1726796631.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331497253, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51153, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7858296540117953, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:37.444] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:37.444] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:37.444] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:37.444] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:40.355] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25242 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl?X-Amz-Date=20251210T015139Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cfd70f6132007cbea005fe845a9dd9184e22d8197d9a16c0202e2c7cfbaec6e1&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:51:40.355] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:40.355] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:40.355] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:40.355] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:40.355] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:40.356] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:40.552] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51159.1726796783.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331500356, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51159, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7354736177059842, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:40.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:40.552] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:40.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:40.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:43.458] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24478 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=93ad7525baca40c44f423b09e02b07bf21b53ae783a09bd4c01624c5dd4daed7&X-Amz-Expires=604800&X-Amz-Date=20251210T015142Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:51:43.458] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:43.458] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:43.458] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:43.458] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:43.459] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:43.459] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:43.652] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51805.1726814724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331503459, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51805, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.7787013078659158, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:43.652] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:43.652] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:43.652] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:43.652] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:46.561] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25243 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl?X-Amz-Date=20251210T015146Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=7ce394d31e3da0602c6a142b1e998ce7fa352da236b334bd103bba4558b26daf"} [2025-12-10 09:51:46.561] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:46.561] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:46.561] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:46.561] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:46.561] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:46.562] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:46.760] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51898.1726817457.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331506562, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51898, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5531385391749607, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:51:46.761] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:46.761] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:46.761] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:46.761] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:49.664] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24479 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a7d81a0d07fe94f3d3bcdeafc801bdada0024e1b7e35e5e64050c117b6b02e13&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015149Z"} [2025-12-10 09:51:49.665] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:49.665] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:49.665] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:49.665] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:49.665] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:49.666] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:49.855] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51142.1726796372.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331509666, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51142, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9002966346730812, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:51:49.855] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:49.855] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:49.855] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:49.855] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:52.767] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25244 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=ab62adb89c978af84277e2a2de475aefe1c26f29bd477d4b20722872688aa843&X-Amz-Date=20251210T015152Z"} [2025-12-10 09:51:52.767] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:52.767] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:52.767] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:52.767] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:52.767] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:52.767] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:52.964] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51862.1726816453.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331512767, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51862, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8621027184790087, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:51:52.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:52.964] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:52.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:52.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:51:55.869] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25588 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=604f22e3c89acdfcd3a316f5da72a07b77abe12cbe15533aab08e74bb7b824e9&X-Amz-Expires=604800&X-Amz-Date=20251210T015155Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:51:55.869] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:55.869] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:55.869] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:55.869] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:55.869] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:55.870] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:56.063] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51106.1726795336.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331515870, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51106, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.715040822249808, "2_count": 
1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:51:56.063] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:56.063] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:56.063] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:56.063] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:51:58.971] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25245 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl?X-Amz-Date=20251210T015158Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=78748ae4972f5ed827e0c157d8e1c0f5c17748ed65367305eb2c53b0587bc867"} [2025-12-10 09:51:58.972] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:51:58.972] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:51:58.972] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:51:58.972] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:51:58.972] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:51:58.972] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:51:59.202] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51800.1726814632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331518972, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51800, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9255906624646884, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:51:59.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:51:59.202] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:51:59.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:51:59.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:02.074] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24480 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c984be5c647a6fa9e95955f4fdf7dc0ec0192834616ccb8681467f622a701278&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015201Z"} [2025-12-10 09:52:02.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:02.074] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:02.074] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:02.074] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:02.074] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:02.075] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:02.235] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51260.1726800568.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331522075, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51260, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7938605210350151, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:52:02.235] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:02.235] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:02.235] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:02.235] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:52:05.179] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24481 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015204Z&X-Amz-SignedHeaders=host&X-Amz-Signature=75b9e5b7aba549d4d77f72b6d3930aba962ddfc9f6ca46a4225f458bdb8c1871&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:52:05.179] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:05.179] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:05.179] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:05.179] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:05.179] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:05.180] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:05.387] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51216.1726799420.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331525180, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51216, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.84095193599556, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:52:05.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:05.387] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:05.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:05.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:08.281] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25246 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl?X-Amz-Date=20251210T015207Z&X-Amz-Signature=e5c1b148b900761834adb3fa359d29a4f57675c03f6d693191dc972d97108ad4&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:08.281] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:08.281] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:08.281] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:08.281] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:08.281] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:08.282] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:08.478] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51811.1726814891.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331528282, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51811, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9902186269105376, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:08.479] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:08.479] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:08.479] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:08.479] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:52:11.383] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24482 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6f19767054cb8cb31a5b04ecb003d11484bd61ce212fee6a6ab189e388b2729d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015210Z"} [2025-12-10 09:52:11.383] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:11.383] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:11.384] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:11.384] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:11.384] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:11.385] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:11.579] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51271.1726800827.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331531385, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51271, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8192816349849472, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:11.579] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:11.579] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:11.579] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:11.579] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:14.488] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25589 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=afe67681c66a05bb8fe25b258539d86b7e4dd7da43d501bced884a8fedd7bb83&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015213Z"} [2025-12-10 09:52:14.488] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:14.488] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:14.488] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:14.488] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:14.488] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:14.488] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:14.686] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51277.1726800979.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331534489, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51277, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9912261189471189, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:14.686] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:14.686] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:14.686] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:14.686] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:52:17.589] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24483 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015217Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d85a0df19220613853818c6f8ef8466fd8f933fc05bd448ba044462f98ea7396&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:52:17.589] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:17.589] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:17.589] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:17.590] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:17.590] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:17.590] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:17.786] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41383_192-168-163-23_80.1726204486.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331537590, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41383, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:17.786] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:17.786] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:17.786] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:17.786] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:20.691] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24484 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015220Z&X-Amz-SignedHeaders=host&X-Amz-Signature=10b75c7281998f967de1e4cfb4ded8c9d0cc70599363d1d286a807bc5ba1a86f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:52:20.692] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:20.692] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:20.692] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:20.692] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:20.692] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:20.692] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:20.882] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41342_192-168-163-23_80.1726204181.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331540693, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41342, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:20.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:20.882] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:20.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:20.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:52:23.793] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25247 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=542094067bed2a99f032f872ccb64fcf7d00a78a628a6f532f5b1b2c184e817f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015223Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:23.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:23.793] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:23.794] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:23.794] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:23.794] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:23.795] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:23.986] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41721_192-168-163-23_80.1726206189.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331543795, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41721, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:23.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:23.986] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:23.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:23.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:26.896] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25590 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015226Z&X-Amz-SignedHeaders=host&X-Amz-Signature=777d1b763d1dd0d9c38ea6b9bd489976115a42ae1cf26fe806f8915b30690f65"} [2025-12-10 09:52:26.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:26.897] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:26.897] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:26.897] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:26.897] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:26.897] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:27.093] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51902.1726817549.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331546897, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51902, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9931240746423159, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:27.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:27.093] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:27.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:27.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:52:29.998] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25248 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl?X-Amz-Signature=5171326e0b7807b21e3859e900d1ed609ed2e5ed9cbbc23a8c24c7680bd1a63a&X-Amz-Date=20251210T015229Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:29.999] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:29.999] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:29.999] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:29.999] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:29.999] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:29.999] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:30.192] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44018.1726130594.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331549999, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:52:30.192] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:52:30.192] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:33.101] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25249 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015232Z&X-Amz-Signature=ea8cdddea54da29b7ec827dc8c460804b837921dcb60054f72244c04d04aa9af"} [2025-12-10 09:52:33.101] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:33.101] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:33.101] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:33.101] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:33.101] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:33.102] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:33.318] 
[DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44022.1726130597.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331553102, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44022, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6728841833184426, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:33.319] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:33.319] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:33.319] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:33.319] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:36.203] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25250 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=84305946e8c6d73734ac1248592420869d67c5725c0853495497ad7b00aaac83&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015235Z"} [2025-12-10 09:52:36.203] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:36.203] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:36.203] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:36.203] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:36.203] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:36.204] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:36.439] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44036.1726130600.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331556204, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44036, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8465086067455839, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:36.439] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:36.439] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:36.439] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:36.439] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:52:39.306] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25251 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl?X-Amz-Date=20251210T015238Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=08ed435b9dcf91e121eec3a2b460c730aa04f543b86a93cd7c0c27ab087c7bdc&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:52:39.306] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:39.306] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:39.307] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:39.307] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:39.307] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:39.307] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:39.512] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43376.1726129534.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331559307, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43376, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5495919355088006, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:39.512] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:39.512] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:39.512] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:39.512] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:42.408] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25591 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T015241Z&X-Amz-SignedHeaders=host&X-Amz-Signature=9f479204e7680c609657dc899cb5f452bdff65a2b02d21abc50913ec6f955022&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:52:42.408] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:42.408] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:42.409] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:42.409] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:42.409] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:42.409] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:42.612] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43412.1726129540.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331562409, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:52:42.612] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:52:42.612] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:45.511] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25592 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=555f9eccae9d1c1b5dd25c8e3ba008007b258959a2e36787946c9f6fc183da7a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015245Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:52:45.511] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:45.511] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:45.511] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:45.511] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:45.511] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:45.511] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:45.704] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50538.1726129531.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331565512, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50538, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6610424197399033, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:45.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:45.704] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:45.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:45.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:52:48.612] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25593 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl?X-Amz-Expires=604800&X-Amz-Signature=1681591a2199b56b61a4ddd5957dfac8bc271130c43f4cd6522273b685fcc38d&X-Amz-Date=20251210T015248Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:48.613] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:48.613] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:48.613] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:48.613] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:48.613] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:48.613] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 09:52:48.815] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33044.1726129602.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331568613, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33044, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7244387815839199, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:48.815] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:48.815] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:48.815] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:48.815] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:51.715] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25252 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015251Z&X-Amz-Expires=604800&X-Amz-Signature=13f1fda217833a7f47c971a687992e1ed997b688acfcc789dc8b6af3c649a11d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:52:51.715] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:51.715] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:51.715] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:51.716] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:51.716] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:51.716] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:51.914] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33072.1726129605.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331571716, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33072, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6961407686164033, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:51.914] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:51.914] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:51.914] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:51.914] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:52:54.818] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24485 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T015254Z&X-Amz-SignedHeaders=host&X-Amz-Signature=68f0f684cce7dc389f5b3d11a675df874231b625359dd95d569c7ef1ccef1b64&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:52:54.818] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:54.818] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:54.818] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:54.818] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:54.818] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:54.819] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:55.017] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45844.1726129596.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331574819, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45844, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8579854060527151, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:55.017] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:55.017] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:55.017] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:55.017] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:52:57.920] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24486 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015257Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6ff2a112032a00da79e21c186a2b61bec39ce79e777afbbce108c6ddb68ec0c7"} [2025-12-10 09:52:57.920] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:52:57.920] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:52:57.920] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:52:57.920] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:52:57.920] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:52:57.920] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:52:58.113] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36990.1726129656.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331577921, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36990, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5463985466238093, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:52:58.113] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:52:58.113] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:52:58.113] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:52:58.113] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:01.022] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25594 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015300Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=636d282f5e7d8021059d47be2bb1aaebfc012fc59ee22cf1e13f00b042d3cf49&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:53:01.022] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:01.022] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:01.023] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:01.023] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:01.023] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:01.023] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:01.229] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52800_192-168-32-40_443.1726127475.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331581023, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52800, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999166268488673, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:01.229] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:01.229] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:01.229] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:01.229] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:04.125] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25253 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=b05e00fb8b4e97cb1e43e1a6f5933089dd9431af13023c0f6fdad84e5694084a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015303Z"} [2025-12-10 09:53:04.125] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:04.125] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:04.125] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:04.125] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:04.125] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:04.126] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:04.318] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53638_192-168-112-135_443.1726625075.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331584126, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53638, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999929970441578, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:04.318] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:04.318] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:04.318] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:04.318] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:07.228] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24487 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015306Z&X-Amz-Expires=604800&X-Amz-Signature=94d8580952e6696cdc69dba77b0ead5437618699c92fc73a7c5f2528ab1ef426&X-Amz-SignedHeaders=host"} [2025-12-10 09:53:07.228] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:07.228] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:07.228] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:07.228] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:07.228] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:07.229] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:07.420] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53621_192-168-112-135_443.1726625033.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331587229, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53621, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999490768632505, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:07.420] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:07.420] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:07.420] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:07.420] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:10.329] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24488 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015309Z&X-Amz-Signature=dfbe588e09a12621dac21520e0d6500c5cbc2377280a86421cc316cb4f697817&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:53:10.329] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:10.329] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:10.329] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:10.329] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:10.329] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:10.330] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:10.525] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53649_192-168-112-135_443.1726625102.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331590330, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53649, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999971687684557, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:10.525] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:10.525] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:10.525] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:10.525] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:13.432] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24489 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f4eb67eb677dea1cc6694c369756f115a799334a6691547ba82c04301476ea8e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015312Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:53:13.432] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:13.432] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:13.432] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:13.432] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:13.432] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:13.433] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:13.619] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50496.1727159736.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331593433, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50496, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9188679536963599, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:13.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:13.619] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:13.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:13.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:16.535] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24490 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fd2789de69dfc1db192f120f644f74d27aed1eb3eb2ebe37cad258712bac9095&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015316Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:53:16.536] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:16.536] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:16.536] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:16.536] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:16.536] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:16.536] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:16.741] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41854_192-168-163-23_443.1726206884.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331596536, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41854, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9997953727110176, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:53:16.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:16.741] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:16.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:16.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:19.637] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25595 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015319Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e5ef659dcf1e5c0dcd99934c67eec0e0faadb5ada9aa39d9d43947e138149e7b"} [2025-12-10 09:53:19.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:19.637] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:19.637] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:19.637] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:19.637] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:19.638] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:19.835] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_57745_192-168-32-40_80.1726196721.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331599638, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 57745, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:19.836] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:19.836] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:19.836] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:19.836] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:22.740] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25254 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=f8d352a6f72a884f3427371ca1f97b204b2cff8e43e52465725675d677ed9ab6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015322Z&X-Amz-Expires=604800"} [2025-12-10 09:53:22.740] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:22.740] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:22.740] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:22.740] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:22.740] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:22.741] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:22.932] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49198.1727231971.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331602741, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9944640734596082, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:22.932] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:22.932] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:22.932] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:22.932] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:25.841] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25255 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T015325Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bfcd586d3b6edff88a990ead732e5472151157562520ca7b28109f46254f6f2c&X-Amz-SignedHeaders=host"} [2025-12-10 09:53:25.841] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:25.841] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:25.842] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:25.842] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:25.842] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:25.842] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:26.054] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44878.1726132156.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331605842, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44878, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7886796948345814, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:26.054] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:26.055] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:26.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:26.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:28.944] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25256 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl?X-Amz-Date=20251210T015328Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cbf2b842e62369e89077c258ff647acb360ba8762f8643e3be755c6c9ba2666f"} [2025-12-10 09:53:28.944] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:28.944] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:28.945] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:28.945] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:28.945] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:28.946] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:29.141] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44880.1726132160.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331608946, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44880, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7927806494649347, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:29.141] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:29.141] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:29.141] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:29.141] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:32.046] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25257 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl?X-Amz-Signature=9ec41f4ae62170a814e33ae31f3a097c7ae45f23e6fe4b6d6a771afa1f0d8615&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015331Z&X-Amz-Expires=604800"} [2025-12-10 09:53:32.046] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:32.046] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:32.046] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:32.046] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:32.047] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:32.047] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:32.241] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44882.1726132164.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331612048, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44882, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8540260068036141, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:32.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:32.241] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:32.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:32.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:35.148] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25258 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2335e9d73d9fd24dba974d9b1abd11b8fb708068bac1d9d030e48ecf34110590&X-Amz-Date=20251210T015334Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:53:35.148] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:35.148] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:35.148] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:35.148] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:35.148] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:35.149] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:35.347] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44898.1726132181.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331615149, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44898, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6767071500659454, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:35.347] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:35.347] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:35.347] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:35.347] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:38.251] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25596 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl?X-Amz-Date=20251210T015337Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=eb35bb5b7411591a5492c30b490815979188b35b27a9aeff0a84d11b2c560415"} [2025-12-10 09:53:38.251] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:38.251] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:38.251] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:38.251] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:38.251] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:38.252] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:38.421] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44902.1726132198.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331618253, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44902, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5604761186120011, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:38.421] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:38.421] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:38.421] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:38.421] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:41.353] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25259 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl?X-Amz-Signature=3b20de6cef7ab5ad2fc46e74c044fdf00b4f5f921b00d9774ec6e87902407b51&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015340Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:53:41.353] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:41.353] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:41.353] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:41.353] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:41.353] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:41.354] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:41.580] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44904.1726132202.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331621354, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44904, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7747396296208913, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:41.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:41.580] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:41.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:41.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:44.455] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25260 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015343Z&X-Amz-Expires=604800&X-Amz-Signature=30050cf7965b08b404de2893ba2777a5c5f4c9b21b5497b43e2ce6250a7f677e"} [2025-12-10 09:53:44.455] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:44.455] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:44.455] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:44.455] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:44.455] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:44.456] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:44.649] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44908.1726132210.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331624456, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44908, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7313392605554522, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:44.649] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:44.649] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:44.649] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:44.649] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:47.557] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24491 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl?X-Amz-Date=20251210T015347Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=31e417eee019b75b6e743828c85ab925a4329d49821815a2b076b0fb65a34bea&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:53:47.557] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:47.557] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:47.557] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:47.557] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:47.557] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:47.558] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:47.748] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44922.1726132222.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331627558, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44922, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7216490316609567, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:47.748] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:47.748] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:47.748] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:47.748] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:50.660] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25261 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=edd9a58c1c3d736e48a2a98bd3c579f2aa113a93fbdb22c5c2247a5c8930cd08&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015350Z"} [2025-12-10 09:53:50.660] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:50.660] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:50.660] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:50.661] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:50.661] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:50.661] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:50.870] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53324.1726132238.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331630661, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53324, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.645743054285468, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:50.870] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:50.870] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:50.870] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:50.870] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:53.762] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24492 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl?X-Amz-Signature=5763505b2f7bce2786169dd89b33fdd8f8a468c685855dd7b3b169f1914bce2b&X-Amz-Date=20251210T015353Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:53:53.762] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:53.762] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:53.762] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:53.762] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:53.762] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:53.763] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:53.956] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53326.1726132242.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331633763, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53326, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7965803475820881, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:53.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:53.956] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:53.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:53.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:53:56.865] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25597 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T015356Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=558ec27bc158ed0a33024774ec40cc98db51e08202956303888beec208a77484"} [2025-12-10 09:53:56.865] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:56.865] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:56.865] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:56.865] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:56.865] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:56.866] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:53:57.062] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53342.1726132259.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331636866, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53342, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6721624046725702, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:53:57.062] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:53:57.062] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:53:57.062] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:53:57.062] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:53:59.967] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24493 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=abc875277b8dc8eb1b1c571c1389d5063c1f8c6e62739500981be709b87ae80f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015359Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:53:59.967] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:53:59.967] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:53:59.968] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:53:59.968] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:53:59.968] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:53:59.968] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:00.162] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53344.1726132262.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331639968, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53344, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6023557106412213, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:00.162] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:00.162] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:00.162] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:00.162] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:54:03.069] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25598 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015402Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b6dc47425282fe30afd7675e0c55cbcca51f4ff1a01b9a5914839ef61611a96d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:54:03.069] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:03.070] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:03.070] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:03.070] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:03.070] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:03.070] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:03.263] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33858.1726130418.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331643070, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33858, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7389562922671952, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:03.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:03.263] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:03.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:03.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:54:06.171] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25262 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015405Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fbd1c7339a1c14935bd97f4e5fcd337701e3e957b67fea07680bb50bf5d19183"} [2025-12-10 09:54:06.171] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:06.171] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:06.171] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:06.171] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:06.171] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:06.172] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:06.370] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52856.1726130403.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331646172, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52856, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8234095922587584, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:06.370] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:06.370] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:06.370] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:06.370] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:54:09.273] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25263 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c047b403da75ff34bc21a9f101d3f7828f941a1afe4d491b0e7b3ae911ac5b56&X-Amz-Date=20251210T015408Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:54:09.273] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:09.273] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:09.274] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:09.274] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:09.274] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:09.274] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:09.466] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52870.1726130407.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331649274, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52870, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6149387055645753, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:09.466] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:09.466] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:09.466] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:09.466] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:54:12.376] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25599 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015411Z&X-Amz-Expires=604800&X-Amz-Signature=84e136c4a39f567f5219477e0455e6c27be8c7f0a12d1495f51d4ff40001cbe6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:54:12.377] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:12.377] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:12.377] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:12.377] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:12.377] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:12.377] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:12.570] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_36998.1726130495.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331652377, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36998, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.910731468640802, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:12.570] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:12.570] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:12.570] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:12.570] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:54:15.479] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25264 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015414Z&X-Amz-SignedHeaders=host&X-Amz-Signature=46ad7d54af4db6762ff4bd8cfe18e5c29340b5e17f4c637db2612112ffcac59d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:54:15.479] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:15.479] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:15.479] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:15.479] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:15.479] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:15.480] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:15.702] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38776.1726130487.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331655480, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:54:15.702] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:54:15.702] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:18.580] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25265 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=5a68992d18da48b141a87f6c3aca4888b381f7511d1d73ecacde41670603617a&X-Amz-Date=20251210T015418Z"} [2025-12-10 09:54:18.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:18.580] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:18.581] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:18.581] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:18.581] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:18.582] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
09:54:18.774] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_38790.1726130491.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331658582, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:54:18.774] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:54:18.774] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:21.681] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25266 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl?X-Amz-Date=20251210T015421Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e4275d342976b678564e97e8c41e743c0a96f3b68b9177c855f6e38c86eaaf91&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:54:21.681] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:21.681] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:21.682] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:21.682] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:21.682] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:21.682] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 09:54:21.868] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54133_192-168-37-136_8080.1727405503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331661682, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54133, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:21.868] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:21.868] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:21.868] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:21.868] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:54:24.784] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25600 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015424Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bf5ce403cb85e48fbda21f2cda2831489f46f3a0f6ddc84f7bdcf592e582b598"} [2025-12-10 09:54:24.785] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:24.785] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:24.785] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:24.785] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:24.785] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:24.785] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:24.978] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32800.1726130556.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331664785, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 32800, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6393447179540175, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:24.978] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:24.978] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:24.978] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:24.978] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:54:27.887] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25267 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=27df875198c2296ae409a4406e1a024a793dd6d7f2129e4ea70bb5373ca043e8&X-Amz-Date=20251210T015427Z"} [2025-12-10 09:54:27.887] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:27.887] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:27.888] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:27.888] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:27.888] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:27.888] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:28.079] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_47822.1726130530.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331667888, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:54:28.079] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:54:28.079] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:30.989] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25601 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl?X-Amz-Date=20251210T015430Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b1fe9d556b30e4ae549ba3020a69d12b17bd43ef80f9733312eac44a2531eb49&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:54:30.989] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:30.989] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:30.989] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:30.989] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:30.989] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:30.990] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
09:54:31.201] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51514.1726130550.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331670990, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51514, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7920714737387965, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:31.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:31.202] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:31.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:31.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:54:34.092] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25602 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl?X-Amz-Signature=521d68c62b59aab124ec0fedab8c7f0079b257ce25401528df628847925f22b0&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015433Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:54:34.092] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:34.092] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:34.093] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:34.093] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:34.093] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:34.093] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:34.287] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51736.1726130534.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331674093, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:54:34.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:54:34.287] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:37.195] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25603 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl?X-Amz-Signature=a026f2f235d652fd9a761ec29cea4872522e7506e9bb6daade5447815d416bed&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015436Z"} [2025-12-10 09:54:37.195] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:37.195] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:37.195] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:37.195] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:37.195] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:37.196] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:37.353] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_36554.1726130578.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331677196, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36554, "dest_port": 51119, "y_pred": 
1, "y_pred_proba_max": 0.679389337568846, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:37.353] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:37.353] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:37.353] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:37.353] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:54:40.298] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24494 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=27fdcb715dd68e41c9817c79f8ae631aa95e8f356cd82cc69bed05af769c195c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015439Z"} [2025-12-10 09:54:40.298] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:40.298] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:40.298] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:40.298] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:40.298] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:40.299] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:40.456] 
[DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41972.1726130607.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331680299, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41972, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7506726691230895, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:40.456] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:40.456] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:40.456] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:40.456] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:54:43.401] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25268 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015442Z&X-Amz-Signature=4230efe83de40ef814761f292670c8699e48f61d455a39bb5eb62aab9a881c18"} [2025-12-10 09:54:43.401] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:43.401] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:43.401] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:43.401] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:43.401] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:43.401] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:43.559] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41988.1726130610.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331683402, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41988, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6932043396309915, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:43.559] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:43.559] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:43.559] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:43.559] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:54:46.504] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25269 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T015446Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=5ad8f31e8890f2b2846ea3eb6280da338f9721f46b8b70178bbfd8129b05a499&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:54:46.504] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:46.504] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:46.504] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:46.504] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:46.504] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:46.505] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:46.715] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48286.1726130586.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331686505, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 48286, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7498623734261112, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:46.715] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:46.715] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:46.715] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:46.715] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:54:49.607] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24495 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl?X-Amz-Signature=7e5b136a44a89cfd3f125a01a283dc94481d0ffb2264e5e729b38b36bdad146c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015449Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:54:49.607] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:49.607] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:49.607] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:49.607] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:49.607] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:49.608] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:49.801] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_48288.1726130590.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331689608, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:54:49.801] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:54:49.801] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:52.711] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24496 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl?X-Amz-Signature=797382f96d63fa498940f657dd6aede92c73af72d59bd3a6217e8f921040849c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015452Z"} [2025-12-10 09:54:52.711] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:52.711] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:52.711] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:52.711] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:52.711] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:52.712] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:52.912] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34324.1726129515.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331692712, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34324, "dest_port": 51129, 
"y_pred": 1, "y_pred_proba_max": 0.8598443676373912, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:52.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:52.912] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:52.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:52.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:54:55.815] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25270 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015455Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1a043b81a34c5eb16c09c879c665346eb82b7274525708b1b58996b5db4bfe87"} [2025-12-10 09:54:55.815] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:55.815] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:55.815] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:55.815] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:55.815] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:55.816] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 
[2025-12-10 09:54:56.010] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_34338.1726129519.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331695816, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34338, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6600152343992454, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:56.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:56.010] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:56.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:56.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:54:58.918] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25604 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015458Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a2fa5671f6ceca88e3b58fe8b70809e6a3367bfdbffdcc76138c1ed1ff6dfab0"} [2025-12-10 09:54:58.918] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:54:58.918] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:54:58.918] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:54:58.918] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:54:58.918] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:54:58.919] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:54:59.143] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43408.1726129537.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331698920, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43408, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6608495747990313, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:54:59.143] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:54:59.143] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:54:59.143] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:54:59.143] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:02.021] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24497 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl?X-Amz-Date=20251210T015501Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=0826a8d27ee17c6e69d716c8ae45d590491356011b27e89633b9230027b8237f"} [2025-12-10 09:55:02.021] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:02.021] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:02.021] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:02.021] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:02.021] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:02.022] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:02.214] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58164.1726129543.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331702022, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58164, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5150716470914646, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:02.214] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:02.214] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:02.214] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:02.214] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:05.123] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25605 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=388f805a013a591a8fd30d87681b3ba302651d03048cf7a1fdc8b95ffc7c4abd&X-Amz-Date=20251210T015504Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:55:05.124] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:05.124] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:05.124] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:05.124] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:05.124] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:05.124] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:05.323] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58182.1726129549.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331705125, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58182, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7825537526527392, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:05.323] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:05.323] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:05.323] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:05.323] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:08.228] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24498 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015507Z&X-Amz-Signature=3e717b62b0348237490ec65e279cd48151ad7bf5a84cb9934afad4362622fffc"} [2025-12-10 09:55:08.228] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:08.228] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:08.228] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:08.228] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:08.228] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:08.229] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:08.430] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45842.1726129592.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331708229, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45842, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.592268158808573, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:08.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:08.430] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:08.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:08.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:11.330] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24499 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl?X-Amz-Date=20251210T015510Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=cfb924c33655e546f794c87d02224c31b13692f55d886bbe49cb9e636d985e53&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:55:11.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:11.331] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:11.331] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:11.331] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:11.331] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:11.331] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:11.539] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52104.1726129584.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331711331, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52104, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5820294787660791, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:11.539] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:11.539] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:11.539] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:11.539] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:14.432] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24500 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl?X-Amz-Date=20251210T015513Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cb5c65a50a7653e6bb02cfb0828faf8c1aef265a0ba161c7f4d4c7dd433b6035&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:55:14.433] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:14.433] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:14.433] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:14.433] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:14.433] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:14.433] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:14.626] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_52112.1726129588.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331714433, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52112, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7399493449817247, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:14.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:14.626] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:14.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:14.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:17.535] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24501 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ca9210fd1818b293f4961c8615dee84946facb5e5d307417b6f031fae31d7d11&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015516Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:55:17.535] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:17.535] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:17.536] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:17.536] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:17.536] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:17.536] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:17.726] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35710.1726129632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331717536, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35710, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5372650123307994, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:17.726] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:17.726] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:17.726] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:17.726] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:20.638] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25606 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl?X-Amz-Signature=98d0fd8c608cc5aa78d30c4542c277e1d1a8019bec24ec517fcc34d97466f7ae&X-Amz-Date=20251210T015520Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:55:20.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:20.638] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:20.638] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:20.638] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:20.638] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:20.639] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:20.846] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35724.1726129636.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331720639, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:55:20.846] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:55:20.846] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:23.740] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25607 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl?X-Amz-Date=20251210T015523Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=29926f78599edcb1605e9f464802fcc28e13331d97a963387d9f1e4f0fdabb6e"} [2025-12-10 09:55:23.740] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:23.740] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:23.740] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:23.740] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:23.740] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:23.741] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 09:55:23.951] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_37004.1726129660.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331723741, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 37004, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5915217816010709, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:23.951] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:23.951] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:23.951] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:23.951] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:26.842] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25271 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl?X-Amz-Date=20251210T015526Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=74124f189eb5ab32bc553d0f1c506140f846404389a1cc5afc91eb76d5f3c0bc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:55:26.843] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:26.843] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:26.843] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:26.843] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:26.843] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:26.844] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:27.034] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56522.1726129650.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331726844, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56522, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7046661217476976, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:27.034] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:27.034] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:27.034] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:27.034] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:29.944] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25608 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl?X-Amz-Signature=43c5fb0acd0ef53adca28306060228172ca737f62bb005d8ddd400f30d88339e&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015529Z"} [2025-12-10 09:55:29.944] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:29.944] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:29.945] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:29.945] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:29.945] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:29.945] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:30.154] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_56136.1726129146.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331729945, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56136, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7120939475867335, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:30.154] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:30.154] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:30.154] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:30.154] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:33.047] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25272 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=9295ea69015ea8e7bf1245eb5861ea75e4b133c5b9d617a4b92ca473177b2e97&X-Amz-Date=20251210T015532Z&X-Amz-Expires=604800"} [2025-12-10 09:55:33.047] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:33.047] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:33.047] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:33.047] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:33.047] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:33.048] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:33.240] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41835_192-168-163-23_443.1726206777.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331733048, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41835, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9997064171622698, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:55:33.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:33.240] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:33.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:33.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:36.148] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24502 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015535Z&X-Amz-Signature=51d139eaf28c34afce3d5a99c02d24b94577444e1886c06ac865b192fce610f7&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:55:36.148] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:36.148] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:36.148] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:36.148] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:36.148] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:36.149] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:36.341] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_42007_192-168-163-23_80.1726207522.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331736149, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42007, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:36.341] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:36.341] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:36.341] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:36.341] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:39.251] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25273 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015538Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=21cb90a5e5e305da7d72eb06dbabf32d74f87b93d6da05f573285eb3bcce62e8"} [2025-12-10 09:55:39.251] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:39.251] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:39.251] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:39.251] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:39.251] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:39.252] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:39.447] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41530_192-168-163-23_443.1726205310.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331739252, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41530, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999719138549306, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:55:39.447] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:39.447] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:39.447] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:39.447] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:42.353] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25609 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=eac827ff87924b26b35bef016410876159da69fc9f9f5400d7c441e207b7d1cb&X-Amz-Date=20251210T015541Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:55:42.354] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:42.354] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:42.354] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:42.354] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:42.354] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:42.354] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:42.519] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41855_192-168-163-23_443.1726206901.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331742355, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41855, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9995499563485257, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:55:42.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:42.519] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:42.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:42.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:45.458] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24503 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015544Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e9669e0406bc63040e89106658d7ee5e7879f9ab26f79a6f0de96f8154ca7813"} [2025-12-10 09:55:45.458] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:45.458] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:45.459] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:45.459] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:45.459] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:45.459] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:45.619] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44850.1726132117.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331745459, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44850, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6907793735712409, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:45.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:45.619] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:45.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:45.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:48.561] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25274 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl?X-Amz-Date=20251210T015548Z&X-Amz-SignedHeaders=host&X-Amz-Signature=8bf441629f2f6a0853e9306ef2efddc2057a4fdc37db8bb0c989e284c8af6fba&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:55:48.561] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:48.561] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:48.562] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:48.562] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:48.562] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:48.562] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:48.731] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44896.1726132178.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331748562, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44896, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.656546421625667, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:48.731] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:48.731] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:48.731] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:48.731] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:51.663] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25275 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=df6e2fe41c6d00cfa50ef2b5d3272860bb366589b25fa4ec2142296b27797ee7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015551Z"} [2025-12-10 09:55:51.663] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:51.664] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:51.664] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:51.664] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:51.664] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:51.664] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:51.858] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44920.1726132219.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331751664, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44920, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6185975560935816, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:51.858] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:51.858] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:51.858] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:51.858] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:55:54.765] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25610 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015554Z&X-Amz-Signature=d890bc51e082824d9584b5165d921a7718616ba6ee904650f7d4d95104bf7c84&X-Amz-Expires=604800"} [2025-12-10 09:55:54.766] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:54.766] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:54.766] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:54.766] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:54.766] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:54.766] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:54.965] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53336.1726132253.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331754767, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53336, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.5295058357260812, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:54.965] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:54.965] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:54.965] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:54.965] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:55:57.868] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25611 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b757283accaf368a45a225069984059eb904767260094239a06bc4dfb1a4dc5f&X-Amz-Date=20251210T015557Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:55:57.868] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:55:57.868] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:55:57.868] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:55:57.868] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:55:57.868] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:55:57.869] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:55:58.062] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54372.1726130503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331757869, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54372, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.878562954767242, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:55:58.062] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:55:58.062] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:55:58.062] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:55:58.062] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:00.971] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25612 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015600Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=67fcf4f55fbfa6e0ffdb92eca4b665f42b7820cb22f6dbddc6d2f8c0ec7b0ed9"} [2025-12-10 09:56:00.971] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:00.971] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:00.971] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:00.971] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:00.971] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:00.972] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:01.165] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51482.1726130544.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331760972, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51482, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6781951466688778, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:01.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:01.165] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:01.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:01.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:56:04.072] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25613 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl?X-Amz-Date=20251210T015603Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=5c6563f1368a16b24dc57a7ad257ff2f23a49e463760c24890d6dd7cf6575d0c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:56:04.072] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:04.072] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:04.073] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:04.073] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:04.073] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:04.073] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:04.271] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41956.1726130604.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331764073, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:56:04.271] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:56:04.271] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:07.175] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24504 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015606Z&X-Amz-Signature=f1d46bd5f3c131d7d49afdecaabe3bd0ad800f9b1310c933cf7ce3114b479ea7&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:07.175] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:07.175] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:07.175] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:07.175] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:07.175] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:07.176] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:07.383] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33056.1726129602.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331767176, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33056, "dest_port": 51129, 
"y_pred": 1, "y_pred_proba_max": 0.6308113658289384, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:07.383] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:07.383] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:07.383] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:07.383] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:10.279] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24505 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl?X-Amz-Date=20251210T015609Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=22426c636b6f2f3890de3b129121aa6ef453a398f37f41f5e6bb8800d41c89d0&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:10.279] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:10.279] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:10.280] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:10.280] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:10.280] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:10.281] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 
[2025-12-10 09:56:10.481] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36982.1726129653.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331770281, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36982, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.645358975713871, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:10.481] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:10.481] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:10.481] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:10.481] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:56:13.381] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25276 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl?X-Amz-Signature=02092c29b52cd53f62c1524bec6f152a40877e67011c1bdc073d8f288e5e7cd6&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015612Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:13.381] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:13.381] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:13.381] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:13.381] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:13.381] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:13.382] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:13.579] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33856.1726130415.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331773382, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:56:13.579] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:56:13.579] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:16.483] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25614 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=3a7990380c99622c053f6f751234a81a4c3b79f889f2a4b8fdc1091a58125870&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015615Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:56:16.483] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:16.483] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:16.484] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:16.484] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:16.484] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:16.484] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:16.685] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35934.1726130424.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331776484, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35934, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.8765184103204687, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:16.685] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:16.685] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:16.685] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:16.685] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:19.587] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24506 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015619Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9f6d040d29350bd445447b71ce48ec492804155acbe037c56db96d41bfac1f81&X-Amz-Expires=604800"} [2025-12-10 09:56:19.587] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:19.587] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:19.587] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:19.587] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:19.587] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:19.588] [INFO] [tid:134145839584960] (AiModule.cpp:158) load 
result:0 [2025-12-10 09:56:19.780] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44888.1726132172.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331779588, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44888, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7618044728672403, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:19.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:19.780] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:19.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:19.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:56:22.689] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25615 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl?X-Amz-Signature=0f304183dcbafcc8f21123a6859c2e8c2a93eec65168b2dd6ba9609656fdb124&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015622Z"} [2025-12-10 09:56:22.689] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:22.689] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:22.690] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:22.690] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:22.690] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:22.690] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:22.911] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44912.1726132213.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331782690, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44912, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6941403930190175, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:22.911] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:22.911] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:22.911] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:22.911] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:25.793] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25277 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015625Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=86d78505245432b930f4651e8726ec78a2921fe1d3b0d4ce47405267062c9d0e"} [2025-12-10 09:56:25.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:25.793] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:25.793] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:25.793] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:25.793] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:25.794] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:25.987] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53332.1726132249.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331785794, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53332, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6762638693132109, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:25.987] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:25.987] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:25.987] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:25.987] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:56:28.896] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24507 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015628Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0198989c4a40146b4726880aa825c2f80a84e1c113cb5d08ee81e947417b3001"} [2025-12-10 09:56:28.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:28.896] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:28.896] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:28.896] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:28.896] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:28.897] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:29.092] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51766.1726130541.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331788897, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51766, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5230912463199346, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:29.092] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:29.092] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:29.092] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:29.092] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:31.998] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25278 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl?X-Amz-Signature=32a5b6f2ebde99322378458c28fa6f1b2f4c940f0f198b395cd2646d93581ed6&X-Amz-Date=20251210T015631Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:31.999] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:31.999] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:31.999] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:31.999] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:31.999] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:31.999] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:32.194] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44024.1726130597.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331791999, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44024, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.5200589530455904, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:32.194] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:32.194] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:32.194] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:32.194] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:56:35.101] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24508 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl?X-Amz-Date=20251210T015634Z&X-Amz-Signature=072c9e0b80d3af45edc3efc0a8744f8cfc9b5bd2265cfaa1ad5acb5ead87f864&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 09:56:35.101] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:35.101] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:35.101] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:35.101] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:35.101] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:35.102] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:35.295] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43392.1726129534.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765331795102, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 09:56:35.295] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 09:56:35.295] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:38.202] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24509 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl?X-Amz-Signature=2775eb48bc29f19bf9a255bde457f0efb6cfe19dd03795a24821d30bc43e45ac&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015637Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:38.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:38.202] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:38.203] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:38.203] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:38.203] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:38.203] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:38.400] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45862.1726129599.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331798203, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45862, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8844120553728769, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:38.400] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:38.400] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:38.400] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:38.400] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:41.305] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25616 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T015640Z&X-Amz-SignedHeaders=host&X-Amz-Signature=075e4a66f0a96a2c755189531079b1519bb43f43f831e26233e7d2ee092e2520"} [2025-12-10 09:56:41.305] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:41.305] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:41.306] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:41.306] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:41.306] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:41.306] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 09:56:41.504] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56508.1726129647.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331801306, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56508, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7612030493876523, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:41.504] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:41.504] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:41.504] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:41.504] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:56:44.408] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25617 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=38962aab28287b1d624585bce55349523d284f89d3b64227c16c27e0008ccf73&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015643Z"} [2025-12-10 09:56:44.408] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:44.408] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:44.408] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:44.408] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:44.408] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:44.409] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:44.601] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33868.1726130421.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331804409, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33868, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7907536706029601, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:44.601] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:44.601] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:44.601] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:44.601] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:47.511] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25618 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=07b7ca55450cccc1475e08549005eddca556f71504faf352327baf976492994e&X-Amz-Date=20251210T015647Z"} [2025-12-10 09:56:47.511] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:47.511] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:47.511] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:47.512] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:47.512] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:47.512] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:47.704] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51754.1726130541.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331807512, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51754, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6370738968028632, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:47.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:47.704] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:47.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:47.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:56:50.613] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24510 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015650Z&X-Amz-Signature=ebdca5c70dfd56a1d4743a44f83f654dc37e5c273bb46fb5c1cc16731c1340bd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:56:50.613] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:50.613] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:50.613] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:50.613] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:50.613] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:50.614] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:50.773] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58168.1726129546.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331810614, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58168, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5486665983652664, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:50.773] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:50.773] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:50.773] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:50.773] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:53.715] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25619 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e41e76da4e63628c307a89c5337ca17684caa4935bebb241aa5a643cd5f08155&X-Amz-Date=20251210T015653Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:56:53.715] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:53.715] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:53.715] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:53.715] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:53.715] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:53.716] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:53.912] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_45860.1726129599.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331813716, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.809274256789188, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:53.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:53.912] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:53.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:53.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:56:56.818] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25279 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl?X-Amz-Signature=d78ca8837fec896cb8fe726869fec73f8ed39e322c8f37eff398eb7745124f2c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015656Z"} [2025-12-10 09:56:56.819] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:56.819] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:56.819] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:56.819] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:56.819] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:56.820] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:56:57.047] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36974.1726129653.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331816820, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36974, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7909008152122282, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:56:57.047] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:56:57.047] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:56:57.047] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:56:57.047] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:56:59.920] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25280 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=81de3b6194a58bd11a7a5212979ddbdd7980a54b395354bc52e01ee54ffb0514&X-Amz-Date=20251210T015659Z"} [2025-12-10 09:56:59.921] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:56:59.921] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:56:59.921] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:56:59.921] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:56:59.921] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:56:59.921] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:00.092] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56490.1726129644.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331819921, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56490, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7423598538991082, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:00.092] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:00.092] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:00.092] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:00.092] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:03.023] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25620 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T015702Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=08a33e04a2a016470bd2185406fd7e6d480e8f1ad386b6be87e1dee02104f965"} [2025-12-10 09:57:03.023] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:03.023] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:03.023] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:03.023] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:03.023] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:03.024] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:03.182] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_56494.1726129647.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331823024, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56494, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.844063156911654, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:03.182] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:03.182] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:03.182] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:03.182] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:06.125] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24511 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl?X-Amz-Date=20251210T015705Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=faa3ffd88188472d5cced29875a7a694f82f18571279e46c5103d7e0c7f7a3c4"} [2025-12-10 09:57:06.125] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:06.126] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:06.126] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:06.126] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:06.126] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:06.126] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:06.285] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54360.1726130503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331826126, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54360, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5824559064294447, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:06.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:06.285] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:06.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:06.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:09.228] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25621 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T015708Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ac6d16c661cb989c0403f846b92f3eb8d96b3168f674de0be684bcf56e841256"} [2025-12-10 09:57:09.228] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:09.228] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:09.229] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:09.229] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:09.229] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:09.229] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:09.422] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41524_192-168-163-23_443.1726205275.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331829229, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41524, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999496192481244, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 09:57:09.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:09.422] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:09.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:09.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:12.331] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24512 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015711Z&X-Amz-Signature=e7936a81609cf83e40dbc091002a5ccaf44c5968eb94f7d2920d06b81158810e&X-Amz-Expires=604800"} [2025-12-10 09:57:12.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:12.331] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:12.331] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:12.331] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:12.331] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:12.332] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:12.524] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_47654.1726130399.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331832332, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47654, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7026441794397728, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:12.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:12.524] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:12.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:12.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:15.434] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25622 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=66c40803d94ac835c2a8b7f7ac9ed7ea714dc2e6930d17fae9478a9a80dc2430&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015714Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:57:15.434] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:15.434] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:15.434] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:15.434] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:15.434] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:15.434] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:15.626] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_32786.1726130553.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331835434, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 32786, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8098754794129167, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:15.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:15.626] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:15.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:15.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:18.536] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24513 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl?X-Amz-Signature=ea54f0eadf70caf59953eb0e0e9bc5eca48b7f923f5a3a7e54e94119275e1b70&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015718Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 09:57:18.536] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:18.536] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:18.536] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:18.536] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:18.536] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:18.537] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:18.747] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50518.1726129523.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331838537, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50518, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5766166595943324, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:18.747] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:18.747] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:18.747] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:18.747] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:21.639] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25281 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7d2c16224db3b041a2c119c83eae5f66d6bf1a6524326a323370ab821b776cb6&X-Amz-Date=20251210T015721Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:57:21.639] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:21.639] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:21.639] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:21.639] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:21.639] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:21.640] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:21.817] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_50524.1726129527.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331841640, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50524, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6328550763870058, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:21.817] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:21.817] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:21.817] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:21.817] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:24.741] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25623 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015724Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ab855b3bf0d1ad31f8231739f168d2ec399ee91870b352336a92223eb0799c2c"} [2025-12-10 09:57:24.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:24.741] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:24.741] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:24.741] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:24.741] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:24.741] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:24.938] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_35730.1726129640.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331844741, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35730, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7117355304645763, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:24.938] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:24.938] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:24.938] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:24.938] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:27.843] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25624 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl?X-Amz-Date=20251210T015727Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=df5939e241d7a08cfb65a5d7ee8bbea27700b07e99c79b6e4280992c2d2b8634&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:57:27.843] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:27.843] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:27.844] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:27.844] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:27.844] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:27.844] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:28.036] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43321.1726308954.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331847844, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43321, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9995247443306217, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:57:28.036] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:28.036] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:28.036] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:28.036] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:30.946] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24514 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=bb8bd6b994480d8cfb3953d8b1ee97cf67f2ea52c8872c149b77d1ce26b7e62e&X-Amz-Expires=604800&X-Amz-Date=20251210T015730Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:57:30.947] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:30.947] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:30.947] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:30.947] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:30.947] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:30.947] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:31.172] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_43414.1726129540.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331850947, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43414, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.755307526352713, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:31.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:31.172] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:31.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:31.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:34.049] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25282 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015733Z&X-Amz-Expires=604800&X-Amz-Signature=818254b03b221dc337db1c839269212e0598d70c3bf739ba1d06e434917a0956&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:57:34.049] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:34.049] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:34.049] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:34.049] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:34.049] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:34.049] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:34.207] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43316.1726308782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331854050, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43316, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9979385434135288, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:57:34.207] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:34.207] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:34.207] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:34.207] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:37.152] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25625 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015736Z&X-Amz-Signature=bd34a6d4963d08fe34f8517f1e4a07a26fd652e60aa276157746c4c4e8f9ab83&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:57:37.152] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:37.152] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:37.152] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:37.152] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:37.152] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:37.152] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:37.310] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43317.1726308782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331857152, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43317, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9969962816008263, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:57:37.310] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:37.310] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:37.310] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:37.310] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:40.253] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24515 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=0c1593beb5ac22b47a5bb50220eb9e6e85066dbec18691b745052895a477ffb4&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015739Z"} [2025-12-10 09:57:40.253] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:40.253] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:40.253] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:40.253] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:40.253] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:40.254] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:40.409] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50555.1727436113.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331860254, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50555, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:40.409] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:40.409] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:40.409] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:40.409] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:43.357] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24516 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl?X-Amz-Signature=1a2a7bcc072411a72301d772c86a3a5ff0c1c1b159385491ba38478f9d5bcc25&X-Amz-Date=20251210T015742Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:57:43.357] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:43.357] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:43.357] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:43.357] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:43.357] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:43.357] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:43.564] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53624_192-168-112-135_443.1726625047.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331863357, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53624, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999821698763516, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:43.565] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:43.565] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:43.565] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:43.565] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:46.458] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25283 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015745Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=9a63d7256df2015ce9643461f3aeb14466ea2e7ec6ab77516f9aa36bcbd8f5ec"} [2025-12-10 09:57:46.458] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:46.458] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:46.458] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:46.458] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:46.458] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:46.459] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:46.645] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43063_192-168-37-136_8080.1727255542.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331866459, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43063, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:46.645] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:46.645] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:46.645] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:46.645] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:49.559] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25284 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4a492c155a63a36319448bdfba795b5afdf67b7abb659ebdd2a531bc203a910d&X-Amz-Date=20251210T015749Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:57:49.560] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:49.560] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:49.560] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:49.560] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:49.560] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:49.560] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:49.751] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63350.1727520055.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331869560, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63350, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:49.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:49.751] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:49.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:49.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:52.660] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25285 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=438db73ccfd7177afa9aa1ea75bd01c7e338b1420b21aae29398e489dfd82261&X-Amz-Date=20251210T015752Z"} [2025-12-10 09:57:52.660] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:52.660] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:52.660] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:52.660] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:52.660] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:52.661] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:52.868] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11957_192-168-52-129_80.1726192517.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331872661, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11957, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:52.868] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:52.868] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:52.868] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:52.868] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:57:55.763] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25626 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl?X-Amz-Expires=604800&X-Amz-Signature=c0d5a93f074d7ec1a0d78dd4fbe19e663d1422cf9c0b2684cba9023b3a27caea&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015755Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:57:55.763] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:55.763] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:55.763] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:55.763] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:55.763] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:55.764] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:55.968] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53625_192-168-112-135_443.1726625050.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331875764, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53625, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999752113134179, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:55.968] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:55.968] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:55.968] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:55.968] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:57:58.867] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25286 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl?X-Amz-Date=20251210T015758Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=0611719836b2812fccb4b1da064fd9b41eca4dfa4e41742aa57536812366e1f0&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:57:58.867] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:57:58.867] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:57:58.867] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:57:58.867] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:57:58.867] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:57:58.867] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:57:59.058] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53642_192-168-112-135_443.1726625085.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331878867, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53642, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999904070570224, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:57:59.058] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:57:59.058] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:57:59.058] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:57:59.058] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:01.968] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24517 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c0fff5563ce894e1ebf0f9cdc3f2438593fbc61bbdecc7cef0cacce61f261242&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015801Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:58:01.968] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:01.968] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:01.968] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:01.968] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:01.968] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:01.969] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:02.190] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43061_192-168-37-136_8080.1727255540.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331881969, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43061, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:02.190] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:02.190] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:02.190] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:02.190] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:05.071] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24518 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl?X-Amz-Date=20251210T015804Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=08f9bce0b37aa9219c79944213057486fa41fb9d4f7705892c513a1cf8268722"} [2025-12-10 09:58:05.071] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:05.072] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:05.072] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:05.072] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:05.072] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:05.072] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:05.277] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53560_192-168-112-135_443.1726624881.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331885072, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53560, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999885275321531, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:05.277] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:05.277] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:05.277] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:05.277] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:08.173] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25627 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl?X-Amz-Date=20251210T015807Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e306e47e136e7eb9b9c7a25e7c5d9750ba9218c5568b0c49e2e22ab32f2a043e"} [2025-12-10 09:58:08.173] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:08.173] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:08.173] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:08.173] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:08.173] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:08.174] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:08.364] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54129_192-168-37-136_8080.1727405489.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331888174, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54129, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:08.364] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:08.364] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:08.364] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:08.364] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:11.274] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25628 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015810Z&X-Amz-SignedHeaders=host&X-Amz-Signature=980a0c8c71526df515efdb7aa07e0219bf2f101349d72c80c9fa673b2114bde1&X-Amz-Expires=604800"} [2025-12-10 09:58:11.274] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:11.274] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:11.274] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:11.275] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:11.275] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:11.275] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:11.483] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36457_192-168-37-136_8080.1727405538.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331891276, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36457, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:58:11.483] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:11.483] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:11.483] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:11.483] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:14.376] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25629 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015813Z&X-Amz-Expires=604800&X-Amz-Signature=48db5606ad21f1a00467621a4a2fe013ed28bc3c7572f7a2369812bedcf5486d"} [2025-12-10 09:58:14.376] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:14.376] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:14.377] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:14.377] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:14.377] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:14.377] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:14.567] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36453_192-168-37-136_8080.1727405528.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331894377, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36453, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:14.567] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:14.567] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:14.567] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:14.567] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:17.478] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25287 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl?X-Amz-Signature=dba9719d8269d1d31b348879439ecc104712e5ea1294336c011657c3421d0408&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015816Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:58:17.478] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:17.478] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:17.478] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:17.478] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:17.479] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:17.479] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:17.683] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36455_192-168-37-136_8080.1727405533.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331897480, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36455, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:58:17.683] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:17.683] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:17.683] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:17.683] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:20.579] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24519 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl?X-Amz-Expires=604800&X-Amz-Signature=a0f55a5216966cc7ee75276e775543a37319d5d7bf555306347fc855e736339d&X-Amz-Date=20251210T015820Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:58:20.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:20.580] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:20.580] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:20.580] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:20.580] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:20.580] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:20.769] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54138_192-168-37-136_8080.1727405512.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331900580, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54138, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:20.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:20.769] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:20.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:20.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:23.681] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24520 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3a70b3b39260430033f7260508fbba30b7b141944b9f1385918aa4f0ec99d6d4&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T015823Z"} [2025-12-10 09:58:23.681] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:23.681] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:23.681] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:23.681] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:23.681] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:23.682] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:23.874] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54130_192-168-37-136_8080.1727405491.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331903682, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54130, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:58:23.874] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:23.874] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:23.874] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:23.874] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:26.782] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25630 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9b8ec7839ed6b990e4c9ceed6aa94778c349170dc83eed90bbe600bf6f153ac1&X-Amz-Date=20251210T015826Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:58:26.782] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:26.782] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:26.782] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:26.782] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:26.782] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:26.783] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:26.990] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54131_192-168-37-136_8080.1727405496.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331906783, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54131, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:26.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:26.990] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:26.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:26.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:29.883] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25631 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8addc0fd437e6bd3b9a43149b83c944b176e67b6d7034b65f31b435063666c33&X-Amz-Date=20251210T015829Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:58:29.883] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:29.883] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:29.884] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:29.884] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:29.884] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:29.884] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:30.045] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36454_192-168-37-136_8080.1727405529.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331909884, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36454, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:58:30.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:30.045] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:30.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:30.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:32.985] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25632 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=54a38e096a58b73778cddea0fd979e4e8a00bac5c044da5e6014bc33b48dde6e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015832Z&X-Amz-SignedHeaders=host"} [2025-12-10 09:58:32.985] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:32.985] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:32.985] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:32.985] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:32.985] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:32.986] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:33.176] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36456_192-168-37-136_8080.1727405536.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331912986, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36456, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:33.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:33.176] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:33.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:33.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:36.086] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25288 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015835Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=db04179e8ce8700b540284115abd5fd3218bc1be559391c53b0691f404e84e62"} [2025-12-10 09:58:36.087] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:36.087] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:36.087] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:36.087] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:36.087] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:36.087] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:36.307] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54136_192-168-37-136_8080.1727405509.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331916088, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54136, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:58:36.307] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:36.307] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:36.307] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:36.307] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:39.091] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25633 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl?X-Amz-Signature=50a0d7f57263b4cf62e2427f4d63268448c438ac826eca2e9293c3b866385058&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015838Z"} [2025-12-10 09:58:39.092] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:39.092] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:39.092] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:39.092] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:39.092] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:39.092] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:39.282] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13173_192-168-52-129_80.1726193267.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331919093, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13173, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:39.282] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:39.282] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:39.282] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:39.282] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:42.195] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24521 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T015841Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cbc707d2b0f43205f1d1b9817a50ad4255b0540fe80d1e91f6b55469bef6da18"} [2025-12-10 09:58:42.195] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:42.195] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:42.195] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:42.195] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:42.195] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:42.196] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:42.389] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53641_192-168-112-135_443.1726625082.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331922196, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53641, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999927073155073, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:42.389] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:42.389] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:42.389] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:42.389] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:45.295] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25634 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=2c62447bca9bc7134ad635865376ab6c2670cf3acc19669ab744fb5fa997b84b&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015844Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 09:58:45.296] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:45.296] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:45.296] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:45.296] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:45.296] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:45.296] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:45.491] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54134_192-168-37-136_8080.1727405507.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331925296, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54134, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:45.491] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:45.491] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:45.491] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:45.491] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:48.397] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25635 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fbe80951a565a3a39bf295caa1ad2fa815afbe315eb2b0a90c3ae81265267539&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015847Z&X-Amz-Expires=604800"} [2025-12-10 09:58:48.398] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:48.398] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:48.398] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:48.398] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:48.398] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:48.398] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:48.604] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54137_192-168-37-136_8080.1727405510.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331928398, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54137, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:58:48.604] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:48.604] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:48.604] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:48.604] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:51.498] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25636 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl?X-Amz-Signature=fb015bc93c74cbe7356a39e86349557d9e3687303be4b88cfa3e4537acd871bc&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T015850Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:58:51.498] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:51.498] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:51.498] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:51.498] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:51.498] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:51.499] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:51.691] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54139_192-168-37-136_8080.1727405513.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331931499, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54139, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:51.691] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:51.691] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:51.691] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:51.691] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:58:54.599] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25289 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl?X-Amz-Signature=eff7a8229a603e10c2f6041d293d987f460a17fb064bcaf323ccb5242a163cd1&X-Amz-Date=20251210T015854Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 09:58:54.599] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:54.599] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:54.600] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:54.600] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:54.600] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:54.600] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:54.783] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63360.1727520063.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331934600, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63360, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:54.783] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:54.783] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:54.783] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:54.783] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:58:57.701] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24522 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=269a066c54d49bb000fc3c531648b86d314071cc64150427353747044548bd74&X-Amz-Date=20251210T015857Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:58:57.701] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:58:57.701] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:58:57.701] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:58:57.701] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:58:57.701] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:58:57.702] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:58:57.891] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55521_192-168-112-135_80.1727254876.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331937702, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55521, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:58:57.891] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:58:57.891] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:58:57.891] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:58:57.891] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:00.802] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24523 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T015900Z&X-Amz-Signature=1c293050e6646d97429668fa7b93972b19ea3050988493616103a7a62a8aeb9d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 09:59:00.802] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:00.802] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:00.802] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:00.802] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:00.802] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:00.803] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:00.995] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50573.1727436128.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331940803, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50573, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:00.995] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:00.995] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:00.995] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:00.995] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:03.903] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25637 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl?X-Amz-Date=20251210T015903Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=0a57e55fa8ab8d80737bb1cb42ee0438f975331e43f3b6a0eb0d487f04bcbfab&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:59:03.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:03.903] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:03.903] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:03.903] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:03.903] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:03.904] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:04.093] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54127_192-168-37-136_8080.1727405487.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331943904, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54127, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:04.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:04.093] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:04.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:04.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:07.005] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24524 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=4f372a240d2ad8cc7c4b382dcd7d74f589ff91ec7007a6ace1c74dd20cb999be&X-Amz-Date=20251210T015906Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:59:07.005] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:07.005] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:07.005] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:07.005] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:07.005] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:07.006] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:07.240] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62816.1727519466.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331947006, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62816, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:07.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:07.240] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:07.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:07.240] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:10.105] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25638 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6a68b6f12a115ba2859bea5c0417f83c05572407442143a420a4a75c95f048df&X-Amz-Date=20251210T015909Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:59:10.106] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:10.106] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:10.106] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:10.106] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:10.106] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:10.106] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:10.313] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61698.1727518200.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331950106, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61698, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:10.313] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:10.313] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:10.313] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:10.313] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:13.209] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24525 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015912Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=475377510fdf93a431e8e754376ed6494611384f7f7c63760539ea184576a328"} [2025-12-10 09:59:13.209] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:13.210] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:13.210] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:13.210] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:13.210] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:13.210] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:13.419] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21148_192-168-52-129_443.1725955229.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331953210, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 21148, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999845902304513, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:59:13.419] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:13.419] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:13.419] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:13.419] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:16.312] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24526 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015915Z&X-Amz-Signature=21dd8d83ee1d9277bbeab12799fc07423c897afbbe41cd8ecb56162d168018cc"} [2025-12-10 09:59:16.312] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:16.312] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:16.312] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:16.312] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:16.312] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:16.313] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:16.505] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21138_192-168-52-129_443.1725955220.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331956313, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 21138, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999965685950969, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:59:16.505] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:16.505] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:16.505] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:16.505] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:19.415] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25639 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cbdcb90b0b080f452a4ff672d049810cc2fd28d1225113bf9970d84bfb808f6d&X-Amz-Date=20251210T015918Z"} [2025-12-10 09:59:19.415] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:19.415] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:19.415] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:19.415] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:19.415] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:19.416] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:19.607] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40629_192-168-37-136_8443.1727405639.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331959416, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40629, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999965050562283, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:59:19.607] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:19.607] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:19.607] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:19.607] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:22.518] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25640 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl?X-Amz-Date=20251210T015922Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=21b910037fa2158d8bbe7eca1badf7434dcf8e74a0c56a343592a156d6131fdb"} [2025-12-10 09:59:22.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:22.519] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:22.519] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:22.519] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:22.519] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:22.519] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:22.715] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40631_192-168-37-136_8443.1727405641.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331962519, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40631, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999506455301298, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:22.715] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:22.715] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:22.715] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:22.715] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:25.620] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25641 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl?X-Amz-Signature=37ee6f60f3bda2ceb1f90021eaa2d782609e430156806cc1a27f4dd2b22f2fa4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015925Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:59:25.620] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:25.620] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:25.620] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:25.620] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:25.620] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:25.621] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:25.810] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63344.1727520049.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331965621, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63344, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:25.810] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:25.810] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:25.810] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:25.810] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:28.721] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25642 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015928Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=ef9f41bb3ef8a36b20caa0433243806a04d973134cae2b7f024525935b282d82"} [2025-12-10 09:59:28.721] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:28.721] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:28.721] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:28.721] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:28.721] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:28.721] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:28.922] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61670.1727518173.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331968721, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61670, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:28.922] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:28.922] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:28.922] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:28.922] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:31.822] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24527 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=43d8a17c70b2d30e08ca6668e9ac181a8e5bbbf312ebb4ec7e6f63fec144af58&X-Amz-Date=20251210T015931Z"} [2025-12-10 09:59:31.823] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:31.823] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:31.823] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:31.823] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:31.823] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:31.823] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:31.975] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62800.1727519453.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331971823, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62800, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:31.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:31.975] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:31.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:31.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:34.925] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24528 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015934Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=5de1c632c6fa38ccc213c10ff8fa2d491c5b951296267fc5aad5d73c863d442e"} [2025-12-10 09:59:34.925] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:34.925] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:34.926] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:34.926] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:34.926] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:34.926] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:35.115] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11671_192-168-52-129_443.1726018242.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331974926, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11671, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9998645525083372, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:59:35.115] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:35.115] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:35.115] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:35.115] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:38.028] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25643 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015937Z&X-Amz-Signature=c51d928fa36b20102cb2411c3f59a51965d091b110a285832027ee18cb45692f"} [2025-12-10 09:59:38.028] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:38.028] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:38.028] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:38.029] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:38.029] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:38.029] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:38.222] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40628_192-168-37-136_8443.1727405635.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331978029, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40628, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9996947990433751, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 09:59:38.222] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:38.222] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:38.222] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:38.222] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:41.129] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24529 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl?X-Amz-Signature=2670a6adc23b459358242d2eb284adf1aee4f990dfacdef5b2c37618916a3975&X-Amz-Date=20251210T015940Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 09:59:41.129] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:41.129] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:41.129] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:41.129] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:41.129] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:41.130] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:41.351] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55530_192-168-112-135_80.1727254882.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331981130, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55530, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:41.351] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:41.351] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:41.351] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:41.351] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:44.231] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25644 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=669873b102018fb5a5abdc2dd5013d4b9d798b20e4b3e501833950efd2f7c4b5&X-Amz-Date=20251210T015943Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 09:59:44.231] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:44.231] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:44.231] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:44.231] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:44.231] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:44.232] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:44.439] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55491_192-168-112-135_80.1727254862.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331984232, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55491, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:44.439] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:44.439] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:44.439] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:44.439] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:47.332] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25290 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=27ee8942f246ccec67eb8c27fe25bd1ca79b214f8a975e878ba719b201dc97ee&X-Amz-Date=20251210T015946Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 09:59:47.332] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:47.332] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:47.332] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:47.332] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:47.332] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:47.332] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:47.523] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50552.1727436110.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331987332, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50552, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:47.523] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:47.523] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:47.523] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:47.523] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:50.433] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25645 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=58f4e7000414cc5235de2e83bd15b5d5aee6f08ee7c3a93a760c3c197bdd76b9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T015949Z"} [2025-12-10 09:59:50.434] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:50.434] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:50.434] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:50.434] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:50.434] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:50.434] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:50.625] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55495_192-168-112-135_80.1727254864.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331990434, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55495, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:50.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:50.625] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:50.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:50.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:53.534] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24530 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T015953Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4c3ccd1caabd1f9fbadd94129ea8823ea39d078a5bdcd3a78bb93e8465823297"} [2025-12-10 09:59:53.535] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:53.535] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:53.535] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:53.535] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:53.535] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:53.535] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:53.729] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http.pcap.TCP_192-168-112-1_55543_192-168-112-135_80.1727254887.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331993535, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55543, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 09:59:53.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:53.729] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:53.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:53.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 09:59:56.638] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25291 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015956Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=0828f6ecb7d8d37996e435091dbb838f5f00c40bafceca06b878f826f722afbf"} [2025-12-10 09:59:56.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:56.638] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:56.638] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:56.638] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:56.638] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:56.639] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:56.856] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40790_192-168-52-129_443.1726041626.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331996640, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 40790, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999915946036992, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:59:56.856] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:56.856] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:56.856] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:56.856] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 09:59:59.741] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25646 key: NULL payload: {"bucket":"2025-12-10","object":"09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl","url":"http://111.32.12.11:9000/2025-12-10/09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=9cd09054765d44f4cffa534d3bc8760c8c6b2239ce2f25b89172850f2a495656&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T015959Z"} [2025-12-10 09:59:59.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 09:59:59.741] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 09:59:59.742] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 09:59:59.742] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 09:59:59.742] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 09:59:59.742] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 09:59:59.894] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:09/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12256_192-168-52-129_443.1726018536.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765331999742, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12256, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999894442529297, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 09:59:59.894] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 09:59:59.894] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 09:59:59.894] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 09:59:59.894] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:02.843] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25647 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl?X-Amz-Signature=d5a6621400a475bc4b9a23c5f22d1a23d1d73db60c7286e22770c02657052f5e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020002Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:02.843] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:02.843] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:02.843] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:02.843] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:02.843] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:02.844] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:03.057] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42268_192-168-163-23_443.1726208854.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332002844, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42268, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9992458167925284, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:00:03.057] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:03.057] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:03.057] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:03.057] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:05.848] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25292 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl?X-Amz-Signature=04287f196ae35a776072d18555bb002a5207b794367ec128698a01e3c576c7b6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020005Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:05.849] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:05.849] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:05.849] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:05.849] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:05.849] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:05.850] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:06.043] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52972_192-168-32-40_443.1726127483.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332005850, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52972, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999827732972721, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:06.043] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:06.043] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:06.043] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:06.043] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:08.952] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25648 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=cf3ab722bb786c41963f7a58ecf7a81ee24ef006c4adb45187f0209fe0da6d9b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020008Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:08.952] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:08.952] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:08.953] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:08.953] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:08.953] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:08.954] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:09.147] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50450.1727159688.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332008954, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50450, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9966468616913028, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:00:09.147] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:09.147] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:09.147] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:09.147] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:12.054] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24531 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020011Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b5110738d860de4d342397086a22d73a598e8d572a3d9879721761c5ba7f388c"} [2025-12-10 10:00:12.054] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:12.054] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:12.054] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:12.054] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:12.054] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:12.055] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:12.253] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42100_192-168-163-23_443.1726207998.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332012055, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42100, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999799070167682, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:00:12.253] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:12.253] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:12.253] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:12.253] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:15.157] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25649 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020014Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=7d1061f2f3373cda65b44382f748bd94ca2b424b2b601273e895d9023fd40db4"} [2025-12-10 10:00:15.157] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:15.157] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:15.157] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:15.157] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:15.157] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:15.158] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:15.386] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52799_192-168-32-40_443.1726127473.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332015158, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52799, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999985053539937, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:00:15.386] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:15.386] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:15.386] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:15.386] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:18.260] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25293 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020017Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=a84e31caed9e7cd4967473314cf787110f10e743e42bc193f94531768d9ce54d&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:18.260] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:18.260] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:18.260] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:18.260] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:18.260] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:18.261] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:18.465] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50131.1726212721.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332018261, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50131, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9993986883604957, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:18.465] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:18.465] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:18.465] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:18.465] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:21.361] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25650 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020020Z&X-Amz-Signature=99e0e38e21269e77c03b2da0fe5ab2ea23c057dee18e764cab6b0606fd209b66&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:21.361] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:21.361] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:21.361] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:21.361] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:21.361] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:21.362] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:21.552] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13322_192-168-52-129_80.1726193381.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332021362, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13322, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:21.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:21.552] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:21.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:21.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:24.464] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24532 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020023Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=c06d8012880272fdfe21935a64221803d8ef5b564e19c244e446531a20e76656"} [2025-12-10 10:00:24.464] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:24.464] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:24.464] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:24.464] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:24.464] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:24.464] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:24.680] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53311_192-168-32-40_443.1726127506.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332024465, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 53311, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999999251911683, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:24.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:24.680] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:24.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:24.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:27.568] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25651 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020027Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=818702f621cb8a88c3ba2a3a5f6261f3f37a44c1cf624291c01d31a87fa631a2&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:00:27.568] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:27.568] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:27.569] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:27.569] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:27.569] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:27.569] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:27.764] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44854.1726132120.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332027569, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44854, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8649753129761104, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:27.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:27.764] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:27.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:27.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:30.671] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25294 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ca8d3517d776b6f9720e732ed0d0fb9317a7afad626aea6898fd4e47a2518ba5&X-Amz-Date=20251210T020030Z"} [2025-12-10 10:00:30.671] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:30.671] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:30.671] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:30.671] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:30.671] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:30.672] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:30.861] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44892.1726132175.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332030672, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44892, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8347860719091235, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:30.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:30.861] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:30.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:30.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:33.773] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24533 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T020033Z&X-Amz-Signature=1b2a0a008ef7b44eb3b10e7b60bde07bb9adea3f8b0f8e8535eed5ce64909e4e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:00:33.773] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:33.773] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:33.774] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:33.774] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:33.774] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:33.774] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:33.966] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44916.1726132216.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332033774, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44916, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7820979762504217, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:33.966] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:33.966] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:33.966] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:33.966] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:36.876] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25652 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=fa2e3487c6882bcfb284e491ca33ab2bc2c885060cfff242deb2608cda503a6e&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020036Z"} [2025-12-10 10:00:36.876] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:36.876] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:36.876] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:36.876] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:36.876] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:36.876] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:37.085] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49246.1727232128.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332036877, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49246, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9788907865142036, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:37.085] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:37.085] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:37.085] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:37.085] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:39.978] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25653 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c08c46435713a9a2b5da120206e728563cbb7b6a09944ad101029208ec2938cf&X-Amz-Date=20251210T020039Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:00:39.978] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:39.978] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:39.979] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:39.979] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:39.979] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:39.980] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:40.173] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53340.1726132256.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332039980, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53340, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8829184175754848, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:40.173] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:40.173] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:40.173] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:40.173] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:43.080] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25295 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl?X-Amz-Signature=d3a6b126416a99b3588d45363f8d37048c436e996772dc627775773da9124d49&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020042Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:00:43.080] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:43.080] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:43.080] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:43.080] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:43.080] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:43.081] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:43.273] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54125_192-168-37-136_8080.1727405485.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332043081, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54125, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:43.273] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:43.273] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:43.273] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:43.273] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:46.180] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25296 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl?X-Amz-Date=20251210T020045Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7890058ecc3ba41f64d75bd974046cae2f8678fdcfb2e3b0b8df1baddc0a4cb8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:00:46.180] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:46.180] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:46.180] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:46.180] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:46.180] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:46.181] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:46.371] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54126_192-168-37-136_8080.1727405487.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332046181, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54126, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:00:46.371] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:46.371] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:46.371] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:46.371] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:49.282] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25297 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=dc47173da935ed9c6c383f5229a8a8f407e38daae4b2a4541c72ecc7220f439a&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020048Z"} [2025-12-10 10:00:49.283] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:49.486] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54128_192-168-37-136_8080.1727405489.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332049283, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54128, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:49.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:49.486] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:49.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:49.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:52.385] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25654 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020051Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=60fd20790f97ae85989abf06b4ccc8c52fe4756b83586fcafc9ffc034d0205cc&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:00:52.385] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:52.578] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42267_192-168-163-23_443.1726208846.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332052386, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42267, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999935017400218, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:00:52.578] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:52.578] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:52.578] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:52.578] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:00:55.486] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24534 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl?X-Amz-Expires=604800&X-Amz-Signature=322609cceb811a9704e1ee46361993cdcee9f44ac46798366f5cf3df7858f846&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020054Z"} [2025-12-10 10:00:55.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:55.487] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:55.487] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:55.487] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:55.487] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:55.487] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:55.727] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53138_192-168-32-40_443.1726127495.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332055487, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 53138, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999997045117193, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:55.727] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:55.727] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:55.727] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:55.728] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:00:58.589] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25298 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=d2d2410dba37045763432f6f9185280c0b2b005e43f6cba31f45818344eb3615&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020058Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:00:58.589] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:00:58.589] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:00:58.589] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:00:58.589] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:00:58.589] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:00:58.590] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:00:58.782] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55600_192-168-112-135_443.1727254925.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332058590, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55600, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999783355112218, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:00:58.782] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:00:58.782] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:00:58.782] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:00:58.782] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:01.692] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25299 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl?X-Amz-Date=20251210T020101Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=7f3165a0893757f0ce938f9ba27c782f353e075983a14f01c34c55961c69f38d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:01:01.692] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:01.692] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:01.692] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:01.692] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:01.693] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:01.693] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:01.901] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42274_192-168-163-23_443.1726208860.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332061694, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42274, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998794249838118, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:01:01.901] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:01.901] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:01.901] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:01.901] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:04.795] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24535 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl?X-Amz-Date=20251210T020104Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=db3ed89d4bf87baf048d22c42c7b1cdddf69f4dd41aa894cdd2bcba8f7836c46&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:01:04.795] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:04.795] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:04.795] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:04.795] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:04.795] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:04.795] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:04.950] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42263_192-168-163-23_443.1726208839.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332064795, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42263, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999846512099934, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:01:04.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:04.950] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:04.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:04.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:07.898] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25300 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020107Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1473a0f630344d3b25eb3292947277a7d36abe8555b3d7b11562b1913a6bfb5a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:01:07.898] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:07.898] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:07.898] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:07.898] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:07.898] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:07.899] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:08.067] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50128.1726212719.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332067899, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50128, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9934623185581525, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:08.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:08.067] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:08.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:08.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:11.000] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25655 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl?X-Amz-Signature=4aa6df21f259f2a94a9b3636756fd109e2e8fe3b4a97e68e34a5ad1a38638149&X-Amz-Date=20251210T020110Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:01:11.000] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:11.000] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:11.001] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:11.001] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:11.001] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:11.002] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:11.170] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50134.1726212724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332071002, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50134, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9891992744984781, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:11.170] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:11.170] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:11.170] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:11.170] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:14.103] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24536 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2a249176c4045823a06cdf45ad7eb7ffd3f4e4ef85354a2b7f085bf634f153f6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020113Z"} [2025-12-10 10:01:14.103] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:14.103] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:14.103] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:14.103] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:14.103] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:14.104] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:14.297] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42110_192-168-163-23_443.1726208030.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332074104, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42110, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999717344853102, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:01:14.297] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:14.297] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:14.297] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:14.297] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:17.205] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24537 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020116Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=4d78d799662f2108b1fdae19bafc7b99a72668e5dc118394b82450455dd2e030"} [2025-12-10 10:01:17.205] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:17.205] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:17.205] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:17.205] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:17.205] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:17.206] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:17.403] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42283_192-168-163-23_443.1726208876.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332077206, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42283, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998899935895023, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:01:17.403] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:17.403] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:17.403] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:17.403] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:20.308] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25656 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl?X-Amz-Signature=136aa1460aedda6d23d7b6daa449665ab84fdb3145fc137c8ec93f72ac8e497b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020119Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:01:20.308] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:20.309] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:20.309] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:20.309] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:20.309] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:20.309] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:20.500] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50125.1726212718.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332080309, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50125, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9902112973095163, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:20.500] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:20.500] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:20.500] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:20.500] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:23.412] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24538 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=ed0761919da4328f96671d50fed6213128421011702cb4739b6ae1413f371069&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020122Z"} [2025-12-10 10:01:23.412] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:23.412] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:23.412] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:23.412] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:23.412] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:23.412] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:23.605] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50127.1726212719.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332083413, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50127, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9947485815446498, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:23.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:23.605] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:23.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:23.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:26.512] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24539 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=18a6ffb91b095a96487204392b497e3bd5815282b712b9155ca30ba00cf64a83&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020125Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:01:26.512] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:26.512] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:26.512] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:26.513] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:26.513] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:26.513] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:26.736] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58172_192-168-32-40_80.1726196747.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332086513, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 58172, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:26.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:26.736] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:26.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:26.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:29.615] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25657 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020129Z&X-Amz-Signature=2d43f374f052a7f5a10a9fe2d227fed67a634b297c9057cd872fa931c1d1845a&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:01:29.615] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:29.615] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:29.615] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:29.615] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:29.615] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:29.615] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:29.806] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54386.1726130506.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332089616, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54386, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8545308495946718, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:29.806] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:29.806] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:29.806] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:29.806] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:32.717] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25658 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl?X-Amz-Signature=7f674b4acdadbfd6e1b86efad046e45e835bba6f50572dc81caed7233d3e0c3d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020132Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:01:32.717] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:32.717] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:32.717] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:32.717] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:32.717] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:32.717] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:32.915] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51500.1726130547.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332092718, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51500, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7652886925783811, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:32.915] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:32.915] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:32.915] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:32.915] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:35.819] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25301 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020135Z&X-Amz-Signature=50fdfa06fd80a8142ef1c78ee6048c10e5436466ea2c302bc1076b1c80791c03&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:01:35.819] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:35.819] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:35.819] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:35.819] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:35.819] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:35.820] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:36.018] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_44042.1726130601.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332095820, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44042, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6791167796113271, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:36.018] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:36.018] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:36.018] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:36.018] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:38.921] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24540 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020138Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=91e9c74bcb7432c617c54d0d99f3f8b450da1058521b724a72462407c0bf8ea5"} [2025-12-10 10:01:38.921] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:38.921] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:38.921] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:38.921] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:38.921] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:38.922] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:39.074] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_58174.1726129546.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332098922, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58174, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7313231847218452, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:39.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:39.074] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:39.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:39.074] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:42.023] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25659 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl?X-Amz-Signature=74657acba60ac697a3ecd85ae306d06adf6b37aa3fe153e931e3049d0a18c500&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020141Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:01:42.023] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:42.023] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:42.023] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:42.023] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:42.023] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:42.024] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:42.176] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_33074.1726129605.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332102024, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33074, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5467283177738326, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:42.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:42.176] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:42.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:42.176] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:45.126] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24541 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020144Z&X-Amz-Signature=e5db2b4f924f3f7e1c9c08a268428580e4f510def6f1741cc7d9a3dd6802a9c6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:01:45.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:45.126] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:45.126] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:45.126] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:45.126] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:45.127] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:45.322] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_36992.1726129657.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332105127, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36992, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7173125752864901, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:45.322] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:45.322] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:45.322] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:45.322] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:48.228] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24542 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=fad4c3b258a745d3598198c9e47d4e862de1860e227ec226dc48496aee13579d&X-Amz-Date=20251210T020147Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:01:48.229] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:48.229] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:48.229] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:48.229] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:48.229] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:48.230] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:48.423] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35960.1726130427.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332108230, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35960, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5298220609605865, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:48.423] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:48.423] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:48.423] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:48.423] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:51.331] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24543 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0893928995de41e642f905d837b409056cd7e00a623311537a025eefb89c5b2a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020150Z"} [2025-12-10 10:01:51.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:51.331] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:51.331] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:51.331] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:51.331] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:51.332] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:51.528] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42096_192-168-163-23_443.1726207955.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332111332, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42096, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9990680748971026, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:01:51.528] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:51.528] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:51.528] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:51.528] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:01:54.433] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25660 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020153Z&X-Amz-Signature=a04233c7882334f418b45433200f613c86d780249e59a914edf1f52f53da2e00"} [2025-12-10 10:01:54.433] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:54.433] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:54.433] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:54.433] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:54.433] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:54.434] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:54.625] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50130.1726212721.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332114434, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50130, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9610371025904593, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:54.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:54.625] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:54.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:54.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:01:57.536] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24544 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl?X-Amz-Expires=604800&X-Amz-Signature=ec265cc128d6ced497eff790d562573b81c1e56a64df8c7b6dff092236f28c13&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020157Z"} [2025-12-10 10:01:57.536] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:01:57.536] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:01:57.536] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:01:57.536] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:01:57.536] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:01:57.537] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:01:57.728] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain1.pcap.TCP_192-168-112-139_51129_192-168-112-141_50185.1726212841.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332117537, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50185, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9411154499532502, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:01:57.728] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:01:57.728] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:01:57.728] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:01:57.728] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:00.639] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25302 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=600625f6ccb4f49c52fdb35ccc3ead5e72575ef5e875d4fddf7682904fa074f7&X-Amz-Date=20251210T020200Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:02:00.639] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:00.639] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:00.639] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:00.639] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:00.639] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:00.639] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:00.881] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50123.1726212710.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332120639, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50123, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9737056284005778, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:00.881] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:00.881] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:00.881] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:00.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:03.741] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25661 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020203Z&X-Amz-SignedHeaders=host&X-Amz-Signature=d3172c834e12a1d54903c32aeb143952dbe298e77aad652fcc4c7dfcc10fd2ec&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:02:03.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:03.741] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:03.742] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:03.742] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:03.742] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:03.742] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:03.931] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50124.1726212714.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332123742, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50124, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9878386178448167, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:03.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:03.931] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:03.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:03.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:06.844] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25662 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020206Z&X-Amz-Signature=f87a46c236786e495699270a1795a6ea8b22a754970aa6d838095938f9b7be67&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:02:06.844] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:06.844] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:06.844] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:06.844] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:06.844] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:06.845] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:07.037] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50129.1726212720.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332126845, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50129, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.983151851486558, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:07.037] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:07.037] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:07.037] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:07.037] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:09.946] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24545 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=96914ff5e58b6eec2324fb7bb31caeeadb37d50b7fafa409da8ecabbc3c2f676&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020209Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:02:09.946] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:09.946] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:09.946] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:09.946] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:09.946] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:09.947] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:10.140] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50132.1726212722.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332129947, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50132, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.937681800988194, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:10.140] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:10.140] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:10.140] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:10.140] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:13.048] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25303 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ba415bd281ce86bfdaee7078b56bc2b74da3bb8370efca3536d73c7ab3654135&X-Amz-Date=20251210T020212Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:02:13.048] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:13.048] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:13.048] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:13.048] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:13.048] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:13.049] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:13.241] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50135.1726212725.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332133049, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50135, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9780476306840957, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:13.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:13.241] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:13.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:13.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:16.150] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24546 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl?X-Amz-Date=20251210T020215Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=a22cda1af791b0394470f1f834aea493104a4104a4850fe11d358f46500fd68c"} [2025-12-10 10:02:16.150] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:16.151] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:16.151] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:16.151] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:16.151] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:16.151] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:16.355] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50137.1726212727.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332136151, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50137, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9813952725009292, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:16.355] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:16.355] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:16.355] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:16.355] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:19.253] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25304 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl?X-Amz-Date=20251210T020218Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=b5f1ebf9a9213a1186115193adf984c1daecf769db3c2b4563255ad4fd851a2a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:02:19.253] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:19.253] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:19.253] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:19.253] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:19.253] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:19.254] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:19.430] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42111_192-168-163-23_443.1726208046.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332139254, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42111, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999394841464235, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:02:19.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:19.430] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:19.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:19.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:22.356] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24547 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=add8f34d1d3beafc3522e7c9b84a2cc21ffd75a81782d009cb81078a8ba7e4ec&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020221Z"} [2025-12-10 10:02:22.356] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:22.356] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:22.356] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:22.356] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:22.356] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:22.357] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:22.551] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50459.1727159698.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332142357, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50459, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9417957198933872, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:22.551] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:22.551] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:22.551] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:22.551] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:25.458] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24548 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl?X-Amz-Date=20251210T020224Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=c15b28b9fea7eb6c47c305424f1b8ccd2e32f4e932b096fdb34779417758d4c8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:02:25.459] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:25.459] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:25.459] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:25.459] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:25.459] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:25.459] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:25.651] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42108_192-168-163-23_443.1726208017.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332145460, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42108, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998455172353017, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:02:25.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:25.651] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:25.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:25.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:28.561] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25305 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2153ce1a6139b1c44a59a24d4cb814f0a669b42636aef452014cbe11abca134d&X-Amz-Date=20251210T020228Z"} [2025-12-10 10:02:28.562] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:28.562] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:28.562] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:28.562] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:28.562] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:28.563] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:28.755] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42280_192-168-163-23_443.1726208868.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332148563, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42280, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999636535382094, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:02:28.755] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:28.755] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:28.755] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:28.755] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:31.664] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25306 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=6751108a1a4673a75458f8ae6c487fb49d0dfee83c44501775adec8a886f400c&X-Amz-Date=20251210T020231Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:02:31.664] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:31.664] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:31.664] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:31.664] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:31.664] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:31.664] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:31.857] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50126.1726212718.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332151664, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50126, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9886484413236557, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:31.857] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:31.857] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:31.857] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:31.857] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:34.863] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24549 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020234Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7e255d1eb46dbc1b45d1afc04950c42ddf8ce8ff25fb309c86feec25ec430f7d&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:02:34.863] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:34.863] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:34.864] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:34.864] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:34.864] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:34.864] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:35.129] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.1726800568.jsonl|result:{"code": 1, 
"total_count": 12, "alert_count": 11, "abnormal_count": 11, "normal_count": 1, "timestamp": 1765332154864, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51268, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.5903049085195861, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51277, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9912261189471189, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51267, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9520112014972585, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51270, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8989305967628844, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51273, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8840743179035093, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51271, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8192816349849472, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": 
"192.168.126.132", "protocol": 6, "src_port": 51276, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.6494420354275284, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51260, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7938605210350151, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51274, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9971468104648852, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51264, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51265, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8870828047759287, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:35.129] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-10 10:02:35.129] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:35.129] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:35.129] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:37.966] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25307 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl?X-Amz-Date=20251210T020237Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=5cb9818c8562b03b0c80ae5d0c412a070c1cdaf0707139c5c2d886b224bc984f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:02:37.966] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:37.966] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:37.966] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:37.966] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:37.966] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:37.967] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:38.161] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50136.1726212726.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332157968, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50136, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.96622869987999, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:38.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:38.161] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:38.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:38.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:41.068] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25308 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a0bd3c81295d91764cc9f8375a35822ae5cc34e67c69e6f6cdffd2cf211a20cc&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020240Z"} [2025-12-10 10:02:41.069] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:41.069] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:41.069] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:41.069] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:41.069] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:41.070] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:41.262] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41528_192-168-163-23_443.1726205296.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332161070, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41528, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999877296867019, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:02:41.262] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:41.262] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:41.262] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:41.262] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:44.172] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25309 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7e5b682cb8d83b576b96021b4d1c9f1a97dd6f4a140d877ae59088d9b19f1667&X-Amz-Date=20251210T020243Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:02:44.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:44.172] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:44.172] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:44.172] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:44.172] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:44.173] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:44.360] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41852_192-168-163-23_443.1726206864.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332164173, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41852, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999583979411051, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:02:44.360] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:44.360] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:44.360] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:44.360] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:47.275] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25663 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020246Z&X-Amz-Signature=e574123379893c49c75c712afc6860249bfbc9c89150b43979e5ae36db28532d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:02:47.275] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:47.275] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:47.275] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:47.275] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:47.275] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:47.275] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:47.467] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41520_192-168-163-23_443.1726205265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332167275, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41520, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998931424503055, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:02:47.467] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:47.467] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:47.467] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:47.467] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:50.377] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25664 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl?X-Amz-Signature=65dd02deb0e7afe67d3347f359ff1572046846038e141eb5644e84f32c3974b3&X-Amz-Date=20251210T020249Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:02:50.377] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:50.377] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:50.377] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:50.377] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:50.377] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:50.378] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:50.569] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50446.1727159684.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332170378, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50446, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6207118035310338, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:02:50.569] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:50.569] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:50.569] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:50.569] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:53.478] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25310 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5fbc2c32022e7e1c5da2eef0ea20409e5bfed6fe1937c9cf543c0a151c250819&X-Amz-Date=20251210T020252Z"} [2025-12-10 10:02:53.478] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:53.478] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:53.479] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:53.479] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:53.479] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:53.479] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:53.685] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49237.1727232113.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332173479, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49237, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9908266930075992, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:53.685] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:53.685] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:53.685] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:53.685] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:02:56.582] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25665 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T020256Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=62ec5db70f8e2fd99d1ce690fc2645d2740aa6290a916c1bbabce023d279661a"} [2025-12-10 10:02:56.582] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:56.582] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:56.582] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:56.582] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:56.582] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:56.583] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:56.793] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49238.1727232116.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332176583, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49238, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9885446014610835, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:56.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:56.793] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:56.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:56.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:02:59.684] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25311 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl?X-Amz-Signature=984287a0a069dd1bb7e109a1af45d7200cd25a39463457e7349c215f26c7a2af&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020259Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:02:59.685] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:02:59.685] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:02:59.685] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:02:59.685] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:02:59.685] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:02:59.685] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:02:59.887] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49245.1727232128.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332179685, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49245, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9911565590263544, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:02:59.887] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:02:59.887] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:02:59.887] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:02:59.887] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:02.788] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25666 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020302Z&X-Amz-Signature=23970c2beb041918df70ee317abfe75f0638bc87e36c29e2b6e3008e5d8203c6&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:03:02.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:02.788] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:02.788] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:02.788] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:02.788] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:02.789] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:02.981] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49247.1727232131.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332182789, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49247, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9880475565625114, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:02.981] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:02.981] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:02.981] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:02.981] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:05.890] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25667 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020305Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2c3904a570f24887cb40cdb952a01fd7fee45a482a9512fc8242d052d94ba631&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:03:05.890] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:05.890] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:05.890] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:05.890] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:05.890] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:05.891] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:06.083] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.pcap.TCP_192-168-112-139_51119_192-168-112-141_50133.1726212723.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332185891, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50133, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9997844571775872, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:06.083] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:06.083] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:06.083] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:06.083] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:08.992] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25312 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020308Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=27fcb376f4dc675932eed2bcfe0799001cecbb7650be96fdc686a654d6bbdd50"} [2025-12-10 10:03:08.992] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:08.992] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:08.993] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:08.993] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:08.993] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:08.993] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:09.186] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49243.1727232122.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332188993, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49243, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9833003297276995, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:09.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:09.186] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:09.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:09.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:12.096] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25668 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020311Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=b4b2f78797602d3d73c3825fc5fc9580ab4443e76c5619132f781052fd67dd43&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:03:12.096] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:12.096] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:12.096] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:12.096] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:12.096] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:12.097] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:12.288] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42099_192-168-163-23_443.1726207974.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332192097, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42099, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999962154174071, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:03:12.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:12.288] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:12.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:12.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:15.198] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24550 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5ecf21adf9897bd1902f234da9daf0bdabce6b1fe04be081e0dfb3334f7b119b&X-Amz-Date=20251210T020314Z"} [2025-12-10 10:03:15.198] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:15.198] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:15.199] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:15.199] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:15.199] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:15.199] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:15.392] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49240.1727232119.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332195199, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49240, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9857957295444639, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:15.392] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:15.392] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:15.392] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:15.392] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:18.300] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25669 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl?X-Amz-Signature=23d4607bc1abf9ac4c674f8f4bb427e543053425e220666aaee1876bac45e39e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020317Z&X-Amz-Expires=604800"} [2025-12-10 10:03:18.300] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:18.300] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:18.300] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:18.300] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:18.300] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:18.301] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:18.521] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49249.1727232134.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332198301, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49249, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9846401513557035, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:18.521] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:18.521] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:18.521] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:18.521] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:21.402] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25313 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020320Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=2de4935d38d4ae13c2e5cc5f07fb27508a48bcf442d11b9299c72eee52140d90"} [2025-12-10 10:03:21.403] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:21.403] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:21.403] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:21.403] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:21.403] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:21.404] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:21.596] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41823_192-168-163-23_443.1726206680.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332201404, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41823, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999537015204459, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:03:21.596] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:21.596] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:21.596] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:21.596] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:24.506] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25314 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020324Z&X-Amz-SignedHeaders=host&X-Amz-Signature=f8d487125664a0a3b44aae8476d59462a3de5018ee5c1004463406706de7c270&X-Amz-Expires=604800"} [2025-12-10 10:03:24.506] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:24.506] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:24.506] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:24.506] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:24.506] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:24.506] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:24.700] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49236.1727232109.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332204506, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49236, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.997067507502594, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:24.700] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:24.700] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:24.700] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:24.700] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:27.608] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25315 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl?X-Amz-Signature=3788e92c848d9b7bfc84d40921155e0f606f4140988697cc04479732ec187a23&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020327Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:03:27.608] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:27.608] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:27.609] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:27.609] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:27.609] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:27.610] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:27.807] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49251.1727232137.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332207610, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49251, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9486643919608937, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:27.807] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:27.807] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:27.807] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:27.807] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:30.710] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25670 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020330Z&X-Amz-Signature=11b414467fa6409f59c9ce4b55087dbf1133b0ece8b1b27152c871b8a71835aa&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:03:30.710] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:30.710] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:30.711] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:30.711] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:30.711] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:30.711] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:30.903] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49197.1727231967.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332210711, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49197, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9843356646814752, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:30.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:30.903] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:30.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:30.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:33.813] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24551 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020333Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=32030d2bb3b782c20aa7b687d39f869c5734c60fd249a15022cf916faa8d1fb2&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:03:33.813] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:33.813] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:33.813] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:33.813] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:33.813] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:33.814] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:34.002] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.pcap.TCP_192-168-112-140_51119_192-168-112-141_49199.1727231975.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332213814, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9952403705974404, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:34.002] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:34.002] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:34.002] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:34.002] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:36.916] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25671 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=45a1f20eef1fb3d4f2b598d5e7bd66b13be120f98f32afea5772236dfc22888d&X-Amz-Date=20251210T020336Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:03:36.916] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:36.916] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:36.916] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:36.916] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:36.916] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:36.917] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:37.109] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49241.1727232119.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332216917, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49241, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9916490801881285, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:37.109] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:37.109] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:37.109] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:37.109] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:40.018] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24552 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl?X-Amz-Date=20251210T020339Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=c48e864690eea4701b2e441765c0b7dcc8d6510e80c6aaa184131924844bf04c&X-Amz-Expires=604800"} [2025-12-10 10:03:40.018] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:40.018] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:40.018] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:40.018] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:40.018] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:40.019] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:40.211] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49248.1727232131.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332220019, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49248, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9771774959854481, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:40.211] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:40.211] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:40.211] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:40.211] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:43.120] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24553 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020342Z&X-Amz-Signature=c87e2fdf70b3fa8549a7abd85668990029d794979e790ec72d90d4e3955b3821&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:03:43.120] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:43.120] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:43.120] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:43.120] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:43.120] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:43.121] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:43.318] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50458.1727159697.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332223121, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50458, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9351269276217935, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:03:43.318] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:43.318] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:43.318] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:43.318] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:46.223] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24554 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl?X-Amz-Signature=256187fc9c81552f2ebe57135c887832fe5e16eb7a3246319f88f3b1136279f9&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020345Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:03:46.223] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:46.223] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:46.223] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:46.223] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:46.223] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:46.224] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:46.421] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50482.1727159723.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332226224, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50482, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7632523561242499, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:03:46.421] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:46.421] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:46.421] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:46.421] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:49.325] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25672 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=25854886a5f713fd1c6f1814be1ad7d8e9e51d94e4debdeca100cfa10dcfd99e&X-Amz-Date=20251210T020348Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:03:49.325] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:49.325] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:49.325] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:49.325] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:49.325] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:49.326] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:49.518] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49239.1727232116.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332229326, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49239, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9826038775697016, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:49.518] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:49.518] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:49.518] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:49.518] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:52.427] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25316 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl?X-Amz-Date=20251210T020351Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=6e8e38d30c3c55ad607d120d027b211de3000b6b9dc9ca00cfa73f1b4d75c146&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:03:52.427] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:52.427] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:52.428] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:52.428] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:52.428] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:52.429] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:52.625] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49250.1727232134.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332232429, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49250, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8794335776698408, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:03:52.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:52.625] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:52.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:52.625] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:03:55.530] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25673 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020355Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9c4be727bf13b74317236de23b36aaf3fd2f87db0c8b98873097dec0ce5b1333"} [2025-12-10 10:03:55.530] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:55.530] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:55.530] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:55.530] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:55.530] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:55.531] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:55.726] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50449.1727159687.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332235531, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50449, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6400137191298733, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:03:55.726] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:55.726] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:55.726] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:55.726] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:03:58.633] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24555 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl?X-Amz-Signature=5f9c4d4f5ba36768bf72f4daae4d98e04d8049e24f6af238947fefd8123dcfb1&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020358Z"} [2025-12-10 10:03:58.633] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:03:58.633] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:03:58.633] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:03:58.633] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:03:58.633] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:03:58.634] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:03:58.846] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50473.1727159714.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332238635, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50473, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8748114553943344, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:03:58.846] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:03:58.846] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:03:58.846] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:03:58.846] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:01.735] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25317 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=5ae15f5f27abddb9c3106e5813eb275046d5667737277e16a7013279cb6211d0&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020401Z"} [2025-12-10 10:04:01.735] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:01.735] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:01.735] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:01.735] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:01.735] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:01.736] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:01.929] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49235.1727232105.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332241736, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49235, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9875123349483848, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:04:01.929] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:01.929] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:01.929] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:01.929] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:04.838] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25674 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020404Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=e8faa4d231654006a9f05af66653ed18c72c2f1ba3bdf32414abd61eeedc7c6f"} [2025-12-10 10:04:04.838] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:04.838] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:04.838] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:04.838] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:04.838] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:04.839] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:05.050] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49242.1727232122.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332244839, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49242, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9929056904995154, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:04:05.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:05.050] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:05.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:05.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:07.940] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25675 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020407Z&X-Amz-Signature=bca40f6adf28320bb06e81352ec24b2785532477db73f67969b39c9dc67a74f7"} [2025-12-10 10:04:07.940] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:07.940] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:07.940] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:07.940] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:07.940] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:07.941] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:08.134] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50495.1727159736.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332247941, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50495, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9438502507410287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:08.134] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:08.134] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:08.134] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:08.134] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:11.043] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25318 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020410Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=670f95bdb7250672bd26abb79034b4ee55f155bd308996f95b515f6a6b1b384d"} [2025-12-10 10:04:11.043] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:11.043] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:11.043] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:11.043] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:11.043] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:11.044] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:11.256] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_52985_192-168-32-40_443.1726127488.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332251044, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 52985, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999952364900613, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:04:11.256] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:11.256] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:11.256] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:11.256] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:14.144] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25319 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=e7053f62303467d0861f2d1b98c3e37bd12e4f4a5faf2728454ce3e5dbb97e9c&X-Amz-Date=20251210T020413Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:04:14.144] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:14.144] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:14.144] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:14.144] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:14.144] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:14.145] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:14.334] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62621_172-28-211-96_8080.1726644233.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332254145, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62621, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:04:14.334] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:14.334] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:14.334] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:14.334] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:17.246] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25320 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl?X-Amz-Signature=cc2ddfbca756ef35b520322f2fee629b7ffdd82294a76af364477c23c8eb8ac1&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020416Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:04:17.247] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:17.247] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:17.247] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:17.247] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:17.247] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:17.247] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:17.412] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49234.1727232101.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332257247, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49234, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.979683017409808, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:04:17.412] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:17.412] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:17.412] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:17.412] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:20.349] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25676 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=49d7aab639ee646587a4bdfba18c63d35d1eea8660230449fe52a038de60e51f&X-Amz-Date=20251210T020419Z"} [2025-12-10 10:04:20.350] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:20.350] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:20.350] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:20.350] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:20.350] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:20.351] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:20.519] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.pcap.TCP_192-168-112-140_51129_192-168-112-141_49244.1727232125.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332260351, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49244, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9965613085791998, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:04:20.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:20.519] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:20.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:20.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:23.451] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25321 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl?X-Amz-Date=20251210T020422Z&X-Amz-SignedHeaders=host&X-Amz-Signature=de9e4f4dad395802f1a397f9789e702d999cfe4c93d07382757718c62c75ebbd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:04:23.452] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:23.452] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:23.452] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:23.452] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:23.452] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:23.452] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:23.617] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41529_192-168-163-23_443.1726205304.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332263452, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41529, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9876990947565499, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:23.617] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:23.617] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:23.617] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:23.617] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:26.552] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25677 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020426Z&X-Amz-Signature=27121192174b3deb82f579612e6163c15d657c359cded3a714f75f8e82838285&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:04:26.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:26.552] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:26.553] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:26.553] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:26.553] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:26.553] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:26.737] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61661.1727518163.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332266553, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61661, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:04:26.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:26.737] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:26.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:26.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:29.655] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24556 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d3b593e7db77e86a314fc23b65de554ebf51516b2348154ffa87202a74d4501f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020429Z"} [2025-12-10 10:04:29.655] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:29.655] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:29.655] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:29.655] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:29.655] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:29.656] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:29.847] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50448.1727159685.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332269656, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50448, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8561333002701108, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:29.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:29.847] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:29.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:29.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:32.758] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25678 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl?X-Amz-Expires=604800&X-Amz-Signature=d4a8c7754fff3bdcaa15473261baee53f6380b423b68f67a4726c86d2121caf0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020432Z"} [2025-12-10 10:04:32.759] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:32.759] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:32.759] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:32.759] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:32.759] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:32.760] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:32.956] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50451.1727159689.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332272760, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50451, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8274199630783736, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:32.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:32.956] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:32.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:32.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:35.862] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25322 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl?X-Amz-Signature=49994c7de3a3464a97610f417e6f0444b99bcd7be0e5e02426f37e1acde55ebe&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020435Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:04:35.862] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:35.862] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:35.862] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:35.862] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:35.862] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:35.863] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:36.055] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50452.1727159690.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332275863, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50452, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9622542297552491, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:36.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:36.055] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:36.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:36.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:38.964] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25323 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020438Z&X-Amz-SignedHeaders=host&X-Amz-Signature=00e7108ebb898adba732e924cd097cc6aaa735e907a469561c5cfbd1beb4d32b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:04:38.965] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:38.965] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:38.965] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:38.965] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:38.965] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:38.965] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:39.157] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50453.1727159691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332278965, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50453, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9465658811252624, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:39.157] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:39.157] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:39.157] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:39.157] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:42.067] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25679 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4577f47701fc89143bac733a7dc72ea591e31d50465d18c44ddcb4461c6d73de&X-Amz-Date=20251210T020441Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:04:42.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:42.067] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:42.067] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:42.067] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:42.067] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:42.068] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:42.279] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50454.1727159693.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332282068, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50454, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9237116769276617, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:42.279] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:42.279] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:42.279] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:42.279] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:45.169] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24557 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020444Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=851a3d0637fa030af5c1a185a02885f6076c9291caffb8a5fb26aa3d76c27f89&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:04:45.169] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:45.169] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:45.170] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:45.170] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:45.170] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:45.170] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:45.372] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50455.1727159694.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332285170, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50455, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8178259229147375, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:45.372] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:45.372] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:45.372] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:45.372] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:48.273] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25680 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020447Z&X-Amz-Signature=4397385e84742982081f95455bb99085a873d4a5e4309ad5b03b9749ac81e32e&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:04:48.273] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:48.273] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:48.273] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:48.273] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:48.273] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:48.274] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:48.466] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50456.1727159695.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332288274, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50456, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6550124542186542, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:48.466] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:48.466] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:48.466] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:48.466] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:51.374] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25324 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020450Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8db18649fa177b9ca1d3228dff7a16e60baf0527e07f9c2b67fc6099725fe7cc"} [2025-12-10 10:04:51.375] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:51.375] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:51.375] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:51.375] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:51.375] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:51.376] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:51.541] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50457.1727159696.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332291376, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50457, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8881844764676449, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:51.541] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:51.541] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:51.541] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:51.541] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:04:54.477] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25681 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020453Z&X-Amz-SignedHeaders=host&X-Amz-Signature=cec7e146a400b45c81abf85187bf7d4924234f92abe9c6ea47ea459140a9334b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:04:54.477] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:54.477] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:54.478] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:54.478] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:54.478] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:54.478] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:54.666] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50460.1727159699.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332294478, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50460, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9337957409302919, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:54.666] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:54.666] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:54.666] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:54.666] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:04:57.579] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24558 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=57e242e7adb08aa62411e042ad2d39a2688876f9dc97aeeaa9c05e7aa8392efa&X-Amz-Expires=604800&X-Amz-Date=20251210T020457Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:04:57.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:04:57.580] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:04:57.580] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:04:57.580] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:04:57.580] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:04:57.580] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:04:57.803] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50461.1727159700.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332297580, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50461, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8766804159278622, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:04:57.803] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:04:57.803] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:04:57.803] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:04:57.803] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:00.681] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25325 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f9710a831f3de34c6667bfec5b2118219fe0197eea413489ec22c517221e396f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020500Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:00.681] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:00.681] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:00.682] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:00.682] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:00.682] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:00.682] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:00.882] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50462.1727159702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332300682, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50462, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8739267281198654, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:00.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:00.882] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:00.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:00.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:03.783] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25682 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl?X-Amz-Signature=1850710c34984d43ebaae6bca1e79081e84a3a0d07662c4fe70b978cf08ad9a3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020503Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:05:03.784] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:03.784] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:03.784] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:03.784] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:03.784] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:03.784] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:03.973] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50463.1727159703.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332303784, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50463, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7212493263319284, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:03.973] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:03.973] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:03.973] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:03.973] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:06.886] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25683 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020506Z&X-Amz-Expires=604800&X-Amz-Signature=3c2d29867d3ce0153e8e9a2398ae9d838c965d4c0b30df8a99a2e2281d8c2f06&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:05:06.886] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:06.886] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:06.886] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:06.886] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:06.886] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:06.887] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:07.077] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50464.1727159704.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332306887, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50464, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9927556625666566, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:07.077] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:07.077] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:07.077] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:07.077] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:09.988] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25684 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl?X-Amz-Signature=fe2a2c47aa4fc71a85dcc7f07eae2822de33bbd842d1626ac364b825cb593f2f&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020509Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:09.988] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:09.988] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:09.988] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:09.988] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:09.988] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:09.989] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:10.180] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50465.1727159705.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332309989, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50465, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9918610516124646, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:10.180] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:10.180] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:10.180] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:10.180] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:13.090] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25685 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl?X-Amz-Signature=bf0c41bb4fa22e08ab014ba8cb5469607cff2b4ff98e9016af3961fd0c0ddc7d&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020512Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:05:13.091] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:13.091] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:13.091] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:13.091] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:13.091] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:13.091] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:13.284] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50466.1727159706.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332313091, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50466, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9385947596844778, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:13.284] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:13.284] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:13.284] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:13.284] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:16.193] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24559 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl?X-Amz-Signature=d5c6f55dc147c9ad9197ff829e872feadf109392fff7583bd71050ef516b15e8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020515Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:16.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:16.193] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:16.194] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:16.194] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:16.194] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:16.195] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:16.387] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50467.1727159707.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332316195, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50467, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7115084736428052, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:16.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:16.387] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:16.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:16.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:19.295] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24560 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=def98f37eb3fbb44f7762bbfdc5ffb20f459943f131c540e5cd577d5dc023bea&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020518Z"} [2025-12-10 10:05:19.295] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:19.295] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:19.295] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:19.295] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:19.295] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:19.295] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:19.487] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50468.1727159708.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332319296, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50468, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8018646925426739, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:19.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:19.487] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:19.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:19.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:22.397] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25686 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl?X-Amz-Signature=7c3e8c46dcc6054723eaa53ef3c6d6d03e2e360c501cd7ec7e813b73bfdbf9f4&X-Amz-Date=20251210T020521Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:22.398] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:22.398] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:22.398] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:22.398] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:22.398] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:22.398] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:22.593] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50469.1727159710.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332322398, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50469, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9630902025436278, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:22.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:22.593] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:22.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:22.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:25.500] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24561 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl?X-Amz-Expires=604800&X-Amz-Signature=56f40f2ea87f32d4212ddb261e76d52f37930f2a33d6a9882169c21ad3f7aae2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020524Z"} [2025-12-10 10:05:25.500] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:25.500] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:25.500] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:25.500] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:25.500] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:25.500] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:25.692] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50470.1727159711.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332325501, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50470, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9778479528954627, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:25.692] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:25.692] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:25.692] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:25.692] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:28.604] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25326 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e869cc54eb5cd4fa67ca937b45086b4843be6230145e411ca1bdc046103d600d&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020528Z"} [2025-12-10 10:05:28.604] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:28.604] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:28.604] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:28.604] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:28.604] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:28.605] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:28.801] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50471.1727159712.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332328605, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50471, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8753867325600264, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:28.801] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:28.801] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:28.801] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:28.801] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:31.708] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24562 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020531Z&X-Amz-Expires=604800&X-Amz-Signature=5f5ba92c8c22fa5dc822046d896050cbfefd77ceddcbcccabab197f1bb57fcbf"} [2025-12-10 10:05:31.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:31.708] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:31.708] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:31.708] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:31.709] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:31.709] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:31.952] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50472.1727159713.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332331710, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50472, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9501198340432971, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:31.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:31.953] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:31.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:31.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:34.810] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25687 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f06d93d1f3a1ba7a0abbde9eebedb12ae7e8505c58ce1c19a8551ff3f7e6d30d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020534Z&X-Amz-Expires=604800"} [2025-12-10 10:05:34.810] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:34.810] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:34.811] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:34.811] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:34.811] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:34.812] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:35.003] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50475.1727159715.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332334812, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50475, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5976508091250565, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:35.003] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:35.003] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:35.003] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:35.003] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:37.913] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25688 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020537Z&X-Amz-SignedHeaders=host&X-Amz-Signature=e902ce3f487e6a8cabcf84d6b53eeb1b0902c1877cc61ae633e537d10dab1bde"} [2025-12-10 10:05:37.913] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:37.913] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:37.913] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:37.913] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:37.913] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:37.914] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:38.105] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50476.1727159716.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332337914, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50476, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9444439587238346, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:38.105] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:38.105] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:38.105] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:38.105] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:41.016] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24563 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020540Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=2ef361d13db5aa476053f7de6de16d306e1b3d726b4f95e08a8d4125d1073c56"} [2025-12-10 10:05:41.016] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:41.016] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:41.016] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:41.016] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:41.016] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:41.017] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:41.212] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50477.1727159718.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332341017, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50477, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8894632108572206, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:41.212] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:41.212] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:41.212] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:41.212] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:44.118] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25689 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020543Z&X-Amz-SignedHeaders=host&X-Amz-Signature=2cfee4df4b651c89810ee17bf151c6b8220f6692a4494e347f22aa3416e008d8&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:05:44.119] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:44.119] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:44.119] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:44.119] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:44.119] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:44.120] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:44.315] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50478.1727159719.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332344120, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50478, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8867138406207913, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:44.315] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:44.315] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:44.315] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:44.315] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:47.221] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24564 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020546Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=f78d8c2a820b48d65e5fe6133336605c78b7b3ba860803e2205528d3e09462d9"} [2025-12-10 10:05:47.221] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:47.221] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:47.221] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:47.221] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:47.221] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:47.222] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:47.430] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50479.1727159720.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332347222, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50479, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8608551881795766, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:47.431] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:47.431] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:47.431] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:47.431] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:50.323] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25690 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl?X-Amz-Date=20251210T020549Z&X-Amz-Signature=23a03c38ebda58f382221795373795ca40ab1248ba2ae964dd90372326adbd4e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:05:50.323] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:50.323] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:50.323] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:50.323] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:50.323] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:50.324] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:50.531] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50480.1727159721.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332350325, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50480, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8768360047823152, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:50.531] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:50.531] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:50.531] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:50.531] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:53.515] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25327 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020553Z&X-Amz-Expires=604800&X-Amz-Signature=b9d421f312e84e2a430258961cbeea71fb24a51c184d43e57e8abaa488e818ee&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:05:53.515] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:53.515] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:53.515] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:53.515] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:53.515] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:53.515] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:53.737] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.1726796372.jsonl|result:{"code": 1, 
"total_count": 12, "alert_count": 12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765332353515, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51158, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8248391299231592, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51142, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9002966346730812, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51146, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51156, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7904833379047614, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51150, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.683703974792815, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51153, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7858296540117953, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51155, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.6404692550467705, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51152, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9564240808157058, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51144, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.385851583840364, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51147, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.5574287788486448, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51149, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7930476786332924, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51159, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7354736177059842, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:05:53.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-10 10:05:53.737] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:53.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:53.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:05:56.616] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25691 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020556Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=8b7927d8649428336e9304caec294bd9e8e5e947c947951a4fefd96d7ff39af2"} [2025-12-10 10:05:56.616] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:56.616] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:56.617] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:56.617] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:56.617] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:56.617] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:56.823] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50481.1727159722.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332356617, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50481, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6620730752219484, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:05:56.823] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:56.823] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:56.823] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:56.823] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:05:59.720] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25328 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl?X-Amz-Date=20251210T020559Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cb6f56902e8d9c9c30d618dfcdb9d25c4e07699650f7e18b90714158d567f72a"} [2025-12-10 10:05:59.720] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:05:59.720] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:05:59.720] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:05:59.720] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:05:59.720] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:05:59.721] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:05:59.928] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50484.1727159725.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332359721, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50484, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.777173441974523, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:05:59.928] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:05:59.928] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:05:59.928] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:05:59.928] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:02.821] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24565 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl?X-Amz-Date=20251210T020602Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=9703492fedcead357910eb7219eede6a34743860d742db63e5ba86c12f886919&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:06:02.821] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:02.821] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:02.822] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:02.822] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:02.822] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:02.822] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:03.026] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50485.1727159726.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332362822, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50485, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8079560299283343, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:06:03.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:03.026] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:03.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:03.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:05.924] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25692 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl?X-Amz-Signature=7f9ff504bf1ac52d32361e104cb383903c5878bbc16770091d24284fbf413826&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020605Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:06:05.925] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:05.925] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:05.925] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:05.925] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:05.925] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:05.926] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:06.164] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50486.1727159727.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332365926, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50486, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8854999027550163, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:06:06.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:06.164] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:06.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:06.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:09.027] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25693 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl?X-Amz-Expires=604800&X-Amz-Signature=55a12827605bebed095b3523e785a936b6256cdb650820eed55ab84550ffbf65&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020608Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:06:09.027] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:09.027] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:09.027] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:09.027] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:09.027] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:09.028] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:09.220] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50487.1727159728.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332369028, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50487, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.6872012369079102, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:09.220] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:09.220] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:09.220] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:09.220] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:12.128] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24566 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl?X-Amz-Signature=d2eac33af06f0eb38b7488e838adbb84b9b68604408309a668f82bd8c43c9037&X-Amz-Date=20251210T020611Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:06:12.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:12.128] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:12.129] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:12.129] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:12.129] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:12.129] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:12.324] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50488.1727159729.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332372129, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50488, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8096350199225714, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:12.324] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:12.324] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:12.324] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:12.324] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:15.231] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25329 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020614Z&X-Amz-Signature=f026d14a9fe43178a5e74dd19d7fb7b12dc1d5d8f0d6efa400e458ad3ef2bfc9"} [2025-12-10 10:06:15.232] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:15.232] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:15.232] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:15.232] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:15.232] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:15.232] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:15.440] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50489.1727159730.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332375232, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50489, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7730757449807033, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:06:15.440] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:15.440] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:15.440] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:15.440] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:18.334] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25694 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f7d69e4bbdde26b6ad369bff6333c6bdaed59a91225dc309b553952e6e41968f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020617Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:06:18.334] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:18.334] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:18.334] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:18.334] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:18.335] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:18.335] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:18.528] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50490.1727159731.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332378336, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50490, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9083148784560441, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:06:18.528] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:18.528] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:18.528] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:18.528] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:21.437] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25695 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c4fff8997cdb69471c75202deb1a4c21be4f173deada48c564720f9c81953da9&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020620Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:06:21.437] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:21.437] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:21.437] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:21.437] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:21.437] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:21.438] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:21.629] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50491.1727159733.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332381438, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50491, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9055755776829566, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:06:21.629] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:21.629] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:21.629] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:21.629] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:24.540] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25330 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020624Z&X-Amz-Signature=d2d85e1ab4783a25110f94996985891b0e86c1f16110cb7e14b2c16712e62381&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:06:24.540] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:24.540] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:24.540] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:24.540] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:24.540] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:24.541] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:24.733] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50492.1727159734.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332384541, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50492, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9985325956810535, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:24.733] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:24.733] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:24.733] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:24.733] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:27.642] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25696 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl?X-Amz-Date=20251210T020627Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=121dded9d7c608def1a701f57f8e9e7da9820a675f8df74abf7376abcd2374a7&X-Amz-Expires=604800"} [2025-12-10 10:06:27.642] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:27.642] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:27.643] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:27.643] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:27.643] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:27.643] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:27.851] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50493.1727159735.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332387643, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50493, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7927906307368934, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:06:27.851] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:27.851] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:27.851] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:27.851] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:30.745] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24567 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020630Z&X-Amz-Expires=604800&X-Amz-Signature=1cd0a287fd9e38a4e004038f6f7b2a846b46937bc326c458f44bddf45ddd3765"} [2025-12-10 10:06:30.745] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:30.745] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:30.745] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:30.745] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:30.745] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:30.746] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:30.910] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50474.1727159714.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332390746, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50474, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.774733297741169, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:30.910] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:30.910] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:30.910] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:30.910] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:33.847] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24568 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7039603312c6ef1dfea7f474f7f013fe4660fb66d374ab32e38543c93cfb7758&X-Amz-Date=20251210T020633Z&X-Amz-Expires=604800"} [2025-12-10 10:06:33.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:33.847] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:33.848] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:33.848] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:33.848] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:33.849] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:34.045] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50483.1727159724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332393849, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50483, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5945419797780971, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:06:34.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:34.045] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:34.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:34.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:36.950] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25697 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=70652031d5834634d85c05863d713a2d0955ef7747d2be36d9c148f22b9adce2&X-Amz-Date=20251210T020636Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:06:36.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:36.951] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:36.951] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:36.951] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:36.951] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:36.951] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:37.160] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54358.1726130503.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332396951, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54358, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.49381248622124246, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:37.160] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:37.160] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:37.160] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:37.160] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:40.052] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25331 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d112a70780d83e57918608fb6fa36828c28869f68329d10f699d960150ea6794&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020639Z"} [2025-12-10 10:06:40.052] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:40.052] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:40.052] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:40.052] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:40.052] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:40.053] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:40.285] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42210_192-168-163-23_80.1726208586.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332400053, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42210, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:40.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:40.285] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:40.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:40.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:43.155] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25332 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl?X-Amz-Date=20251210T020642Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=57328950f0439fa0a5adf81fdf8816315dccbd25a2f0faef3c4b48d7430d09ab"} [2025-12-10 10:06:43.155] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:43.155] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:43.155] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:43.155] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:43.155] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:43.156] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:43.358] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53555_192-168-112-135_443.1726624870.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332403156, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53555, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999923337358079, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:43.358] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:43.358] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:43.358] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:43.358] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:46.258] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25698 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=73ba7d9302776448ee7cfd95ac3c7e48f87e4a5b043e45def5b92df58495d746&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020645Z&X-Amz-Expires=604800"} [2025-12-10 10:06:46.258] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:46.258] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:46.258] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:46.258] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:46.258] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:46.259] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:46.451] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44848.1726132117.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332406259, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44848, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8577944376622961, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:46.451] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:46.451] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:46.451] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:46.451] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:49.359] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25333 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f28a1d2f6ea96ce92f6211981d3dd16a67e10cbc8cd27bf73a3749b9b8ef55e5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020648Z"} [2025-12-10 10:06:49.359] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:49.359] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:49.359] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:49.359] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:49.359] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:49.360] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:49.557] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-136_44852.1726132120.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332409360, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44852, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7941063337160675, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:49.557] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:49.557] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:49.557] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:49.557] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:52.462] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25699 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=772852421ffba70fd37b8eea79d190c369b24496d47180663be93d719c8b712f&X-Amz-Date=20251210T020651Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:06:52.462] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:52.462] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:52.463] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:52.463] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:52.463] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:52.464] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:52.672] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44884.1726132168.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332412464, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44884, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9062125665453248, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:52.672] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:52.672] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:52.672] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:52.672] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:06:55.565] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25334 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=94f83ae542f64ae55e44d42cce422c86bfbae12702be80d823c5272283c6602c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020655Z"} [2025-12-10 10:06:55.565] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:55.565] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:55.565] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:55.565] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:55.565] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:55.565] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:55.758] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44886.1726132172.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332415566, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44886, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7458259782927552, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:55.758] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:55.758] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:55.758] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:55.758] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:06:58.668] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24569 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020658Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0c1ca5512206b48e37f8a0aec9a80b1a7822144a3f20bfe5e8cce74076e02206&X-Amz-Expires=604800"} [2025-12-10 10:06:58.668] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:06:58.668] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:06:58.668] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:06:58.668] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:06:58.668] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:06:58.669] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:06:58.863] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44890.1726132175.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332418669, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44890, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6809353544552849, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:06:58.863] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:06:58.863] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:06:58.863] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:06:58.863] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:07:01.769] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24570 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020701Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d85cfcee7b98bf3cb9853ef8b3fdda8bca52467cd206e52dff76cfb3698e6e0f"} [2025-12-10 10:07:01.770] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:01.770] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:01.770] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:01.770] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:01.770] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:01.770] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:01.966] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-136_44894.1726132178.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765332421770, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:07:01.966] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:07:01.966] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:04.872] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25335 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020704Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=087fb07d38c1e6e63bc0e2a79f2b1623ccfef46a18014104f8fb3d642d716900"} [2025-12-10 10:07:04.872] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:04.872] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:04.872] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:04.872] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:04.872] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:04.873] [INFO] [tid:134145839584960] (AiModule.cpp:158) 
load result:0 [2025-12-10 10:07:05.047] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44906.1726132207.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332424874, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44906, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.79266736051479, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:05.047] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:05.047] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:05.047] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:05.047] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:07:07.975] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24571 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl?X-Amz-Date=20251210T020707Z&X-Amz-Signature=87dcde30d9905700ebb3ca9b306e649150632a61310fe60663ee86bd8dc8daa2&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:07:07.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:07.975] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:07.975] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:07.975] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:07.975] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:07.976] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:08.182] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44910.1726132213.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765332427976, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:07:08.183] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:07:08.183] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:11.078] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24572 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T020710Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ffc1f5d67601a46af17274624b626baad3381f04df05d9ce09b53e4c9f82a6ac"} [2025-12-10 10:07:11.078] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:11.078] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:11.078] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:11.078] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:11.078] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:11.078] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:11.271] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44914.1726132216.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332431078, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44914, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7921735825556696, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:11.271] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:11.271] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:11.271] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:11.271] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:07:14.180] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25336 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl?X-Amz-Signature=29a352537383523c29f320e0051f7cfe0708c113a0a6eaac6f43abc443ea4f40&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020713Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:07:14.180] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:14.180] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:14.181] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:14.181] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:14.181] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:14.182] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 10:07:14.376] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-136_44918.1726132219.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332434182, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44918, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7741551259482969, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:14.376] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:14.376] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:14.376] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:14.376] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:07:17.284] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25700 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020716Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=f9da7a66ac5e3ebb8f98193dec1c314b8d1b0be1a25b4f2731cce3800c582ade"} [2025-12-10 10:07:17.284] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:17.284] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:17.284] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:17.284] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:17.284] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:17.285] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:17.482] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53328.1726132246.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332437285, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53328, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7774317609580008, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:17.482] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:17.482] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:17.482] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:17.482] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:07:20.387] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25337 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl?X-Amz-Date=20251210T020719Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=79a9e93a9576a5b99533d27738426d6b00d71fa7b0c44e83f7a5e7a9915b45f1"} [2025-12-10 10:07:20.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:20.387] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:20.387] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:20.387] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:20.387] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:20.388] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:20.582] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53330.1726132249.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332440388, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53330, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8275845624305066, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:20.582] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:20.582] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:20.582] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:20.582] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:07:23.489] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25701 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020722Z&X-Amz-Expires=604800&X-Amz-Signature=c81030cc8e2a4411188b8138b2e02ce93e1c5564219d5edfa02de8338adeaada"} [2025-12-10 10:07:23.489] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:23.489] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:23.490] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:23.490] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:23.490] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:23.490] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:23.681] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53334.1726132252.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332443490, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53334, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7442508309553904, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:23.681] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:23.681] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:23.681] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:23.681] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:07:26.592] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24573 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020726Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=38ab6461c9f17360b38af34b3778b26f74474f7b71db10c1a312c8f3338fc235&X-Amz-SignedHeaders=host"} [2025-12-10 10:07:26.592] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:26.592] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:26.592] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:26.592] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:26.592] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:26.592] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:26.783] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-136_53338.1726132256.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332446592, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53338, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7490687046424453, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:26.783] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:26.783] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:26.783] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:26.783] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:07:29.707] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24574 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020729Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ab90d6d9656f4088d45134579b69af788570114396ecf064815e226f6192bda5&X-Amz-Expires=604800"} [2025-12-10 10:07:29.707] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:29.707] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:29.707] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:29.707] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:29.707] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:29.707] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:29.902] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux_https-1.pcap.TCP_192-168-163-21_42089_192-168-163-23_443.1726207942.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332449707, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42089, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999957984315957, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:07:29.902] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:29.902] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:29.902] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:29.902] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:07:32.808] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24575 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl?X-Amz-Signature=dd451704786afeccead8fa9539539cf539b702e19c681d9b4abc246716c08e43&X-Amz-Date=20251210T020732Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:07:32.809] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:32.809] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:32.809] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:32.809] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:32.809] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:32.809] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:32.969] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33840.1726130414.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332452809, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33840, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.836137429688432, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:32.969] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:32.969] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:32.969] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:32.969] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:07:35.911] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25702 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl?X-Amz-Date=20251210T020735Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4bcd5fb592a925ab2c5c872782789aa3ac28d12d927710c4cadd2501a9cfa71f&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:07:35.911] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:35.911] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:35.911] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:35.911] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:35.911] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:35.911] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:36.117] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_33860.1726130421.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332455911, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6415493894027886, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:36.117] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:36.117] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:36.117] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:36.117] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:07:39.013] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24576 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d2797d66517d2a8cccd9039db3714e34a471314df60f7fab66cbb2066c65ab56&X-Amz-Date=20251210T020738Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:07:39.013] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:39.013] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:39.014] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:39.014] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:39.014] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:39.014] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:39.217] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35930.1726130424.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332459014, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35930, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6710350924313606, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:39.217] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:39.217] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:39.217] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:39.217] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:07:42.116] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24577 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl?X-Amz-Date=20251210T020741Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=318e32544214b770ef55b665dad7ce0f32b8918037779ea6a6d14d99ee06efac"} [2025-12-10 10:07:42.117] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:42.117] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:42.117] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:42.117] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:42.117] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:42.117] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:42.303] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_35948.1726130427.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332462118, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35948, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6346248737573055, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:42.303] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:42.303] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:42.303] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:42.303] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:07:45.218] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25703 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5231e41d1d3edf47d13b77cb8344e1a13882110c97e3c52b31fd6685f78a754b&X-Amz-Date=20251210T020744Z"} [2025-12-10 10:07:45.219] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:45.219] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:45.219] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:45.219] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:45.219] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:45.219] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:45.440] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.pcap.TCP_192-168-112-135_51129_192-168-112-140_52872.1726130411.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765332465220, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:07:45.440] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:07:45.440] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:48.323] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25338 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl?X-Amz-Date=20251210T020747Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e9d7e5b1ee6a4a922eda7453a1e3aa5e5d35d14fb6344bae45fb50697dbf4940&X-Amz-SignedHeaders=host"} [2025-12-10 10:07:48.323] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:48.323] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:48.323] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:48.323] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:48.323] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:48.324] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
10:07:48.519] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_37014.1726130500.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332468324, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 37014, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8351820553379743, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:48.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:48.519] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:48.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:48.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:07:51.426] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25339 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020750Z&X-Amz-SignedHeaders=host&X-Amz-Signature=9d178b530ba9d82e63f8bd8e458c87cee70c3a55407cadab698bd40c27237a2e"} [2025-12-10 10:07:51.426] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:51.426] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:51.426] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:51.426] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:51.426] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:51.427] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:51.620] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.pcap.TCP_192-168-112-135_51129_192-168-112-140_54374.1726130506.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765332471427, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:07:51.620] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:07:51.620] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:54.528] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25340 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=687662df22a8b04bfeb63eec536f8319157ea204aef77c5d5553c0b4b3454fa1&X-Amz-Date=20251210T020754Z&X-Amz-Expires=604800"} [2025-12-10 10:07:54.529] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:54.529] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:54.529] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:54.529] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:54.529] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:54.529] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:07:54.740] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51470.1726130544.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332474529, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51470, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.7510731897204698, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:54.740] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:54.740] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:54.740] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:54.740] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:07:57.631] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25704 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl?X-Amz-Date=20251210T020757Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=253adfd70a1ce613bda39edcc4c2844fffbfb7fc828164e4985ca3da79b9d95c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:07:57.631] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:07:57.631] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:07:57.631] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:07:57.631] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:07:57.631] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:07:57.632] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 
[2025-12-10 10:07:57.821] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51490.1726130547.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332477632, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51490, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6827157059025345, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:07:57.821] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:07:57.821] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:07:57.821] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:07:57.821] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:00.733] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25341 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=fd8e9ac987ce1c0a8a3dabeabce805c38e7f6e2cef4acf27ab700e21a565d32d&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020800Z"} [2025-12-10 10:08:00.734] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:00.734] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:00.734] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:00.734] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:00.734] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:00.735] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:00.946] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.pcap.TCP_192-168-112-135_51129_192-168-112-140_51740.1726130538.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332480735, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51740, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6726794156067787, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:00.946] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:00.946] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:00.946] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:00.946] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:03.836] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24578 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020803Z&X-Amz-Expires=604800&X-Amz-Signature=155e04e47f1f108e37a104874f383cb83e1b902387849a1350376652ab1a6231&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:08:03.836] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:03.836] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:03.837] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:03.837] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:03.837] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:03.837] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:04.031] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.pcap.TCP_192-168-112-135_51119_192-168-112-140_41946.1726130604.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332483838, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41946, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.679443760457275, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:04.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:04.031] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:04.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:04.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:06.960] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24579 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020806Z&X-Amz-SignedHeaders=host&X-Amz-Signature=70db7d0ca234114fe8377559bd7b460e6fad89e12e2e31aaa8fda45abc8aa65c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:08:06.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:06.960] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:06.961] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:06.961] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:06.961] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:06.961] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:07.170] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-https-1.pcap.TCP_192-168-163-21_42261_192-168-163-23_443.1726208830.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332486961, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42261, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998839809681442, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:08:07.171] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:07.171] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:07.171] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:07.171] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:10.082] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25705 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl?X-Amz-Signature=8439c4d977d17a72b7c8a98615cc58ee700061d3dd4fb3b0116968b9090954be&X-Amz-Date=20251210T020809Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:08:10.082] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:10.082] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:10.082] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:10.082] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:10.082] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:10.083] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:10.287] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11605.1726284537.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332490083, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11605, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999068037842808, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:08:10.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:10.287] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:10.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:10.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:13.203] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24580 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl?X-Amz-Signature=e81ade94c8229edce7cb59edef62d650925c6f5ac7c4e8a95e4e6b7cfbf3525a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020812Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:08:13.203] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:13.203] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:13.203] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:13.203] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:13.203] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:13.204] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:13.394] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.1726023698.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332493204, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50196, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9580245061965472, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:08:13.394] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:13.394] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:13.394] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:13.394] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:16.305] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25706 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl?X-Amz-Signature=48b66e5d5aaec89c6455cc1b8ffb64c956aa2951fdf10e97fb73347313e897e0&X-Amz-Date=20251210T020815Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:08:16.305] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:16.305] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:16.305] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:16.305] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:16.305] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:16.305] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:16.497] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID64_godzillav4.01_php_linux-http-1.pcap.TCP_192-168-163-21_42203_192-168-163-23_80.1726208539.jsonl|result:{"code": 1, 
"total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332496306, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 42203, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:16.497] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:16.497] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:16.497] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:16.497] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:19.423] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25342 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl?X-Amz-Signature=37d9664521eff85ab924d8059fb87143cbeb66a70ab5d6d292a530b2c40168fd&X-Amz-Date=20251210T020818Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:08:19.423] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:19.423] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:19.423] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm 
[2025-12-10 10:08:19.423] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:19.423] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:19.424] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:19.619] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50196.1726023698.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332499424, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50196, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9580245061965472, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:08:19.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:19.619] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:19.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:19.619] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:22.543] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25707 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d885035f676b747af8baa58efce37a1907b2c7d1539a9b7e122332fe012e198e&X-Amz-Date=20251210T020822Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:22.543] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:22.543] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:22.543] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:22.543] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:22.543] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:22.544] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:22.772] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.1726040056.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332502544, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49212, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9726859149153515, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:08:22.772] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm 
alert_count: 1|max_alert: 1000 [2025-12-10 10:08:22.772] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:22.772] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:22.772] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:25.661] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25343 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020825Z&X-Amz-Expires=604800&X-Amz-Signature=4ce4e37a55d16f7f4cf1beefc9081f0b1f2b6f574783840586a4de9f49898de1"} [2025-12-10 10:08:25.662] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:25.662] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:25.662] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:25.662] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:25.662] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:25.662] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:25.854] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49212.1726040056.jsonl|result:{"code": 1, "total_count": 1, 
"alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332505663, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49212, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9726859149153515, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:08:25.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:25.854] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:25.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:25.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:28.781] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25708 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020828Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6b30f21aeaf7734aa2d543326074e21297fe1ad692b276e74289e832d6e0a8c6"} [2025-12-10 10:08:28.782] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:28.782] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:28.782] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:28.782] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:28.782] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:28.782] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:29.022] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain3.1726211430.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765332508782, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49905, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990727495298456, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49907, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9067464294218052, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49909, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9897636417034154, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49903, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9887460979769674, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49908, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9857839338628928, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 49900, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9948395387043772, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49899, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49911, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9938140771153121, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49901, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9889436091438827, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49913, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9982344826586815, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49910, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9796287211799263, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49914, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9607283513372386, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 
6, "src_port": 49904, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9823949331172888, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49915, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9954527869549163, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49906, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9539686118113468, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49912, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9919412506719519, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49902, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8974148085640757, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49916, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9966431162078648, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49917, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9916351398098372, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:29.022] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 
19|max_alert: 1000 [2025-12-10 10:08:29.022] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:29.022] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:29.022] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:31.901] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25344 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl?X-Amz-Signature=0f0ebdef3b7569fc84bd56a9c59da94822f2a28b5f977c13ca799a4197dd015e&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020831Z"} [2025-12-10 10:08:31.901] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:31.901] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:31.901] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:31.901] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:31.901] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:31.902] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:32.145] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_IP.1726211226.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765332511902, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": 
"192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49809, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9784198949725982, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49818, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9862157546679893, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49816, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9995910540218641, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49815, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9999240416438284, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49822, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9823260744028816, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49810, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9998079474185828, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49806, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9935560534082867, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 49817, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9793632450718504, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49804, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49814, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.998501514671926, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49805, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9920077460461967, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49820, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9928479720912123, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49821, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9625666120444648, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49808, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9969521192187903, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49807, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9977917195914591, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49811, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9943658481262561, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49812, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9829046154474818, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49813, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9798099140911304, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49819, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9955990873685386, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:32.145] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-10 10:08:32.145] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:32.145] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:32.145] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:35.025] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25345 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020834Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=a34579fe441b435966a6d0a3e88dd58dc885d4ffcb604adb1a049cd5f18abef0"} [2025-12-10 10:08:35.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:35.026] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:35.026] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:35.026] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:35.026] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:35.027] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:35.265] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_domain2.1727232101.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765332515027, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49241, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9916490801881285, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, 
"src_port": 49242, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9929056904995154, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49236, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.997067507502594, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49243, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9833003297276995, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49240, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9857957295444639, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49234, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.979683017409808, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49246, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9788907865142036, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49244, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9965613085791998, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49250, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.8794335776698408, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49233, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49238, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9885446014610835, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49248, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9771774959854481, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49247, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9880475565625114, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49245, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9911565590263544, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49239, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9826038775697016, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49251, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9486643919608937, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49249, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9846401513557035, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49235, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9875123349483848, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49237, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9908266930075992, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:35.265] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-10 10:08:35.265] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:35.265] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:35.265] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:38.149] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25709 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020837Z&X-Amz-Signature=69711e0fb593ff30b93fc678117d766c209ee9404c439deab2f1c9d84296fa4a&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:08:38.149] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:38.149] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:38.149] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:38.150] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:38.150] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:38.150] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:38.387] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain2.1726211393.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765332518150, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49883, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9878903147697448, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49881, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8995113394605257, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49889, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9938759104061451, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49880, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9712794985383143, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49886, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9928744480485148, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49888, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9903771380962567, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49894, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.99746395219379, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49898, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9996529560349297, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49897, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.9994213323044768, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49895, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9864507903178709, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49879, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9956612798915031, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49884, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9902828193691182, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49885, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9940987345212152, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49890, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9729464728932783, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49896, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961504118759825, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49887, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9921424753924339, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49893, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9848222756113998, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49882, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9843684134959988, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49878, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:38.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-10 10:08:38.387] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:38.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:38.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:41.269] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24581 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=47884ad474e40893eef00eaeef74ef6b71613c8b28fd972a69735346880da098&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020840Z"} [2025-12-10 10:08:41.269] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:41.269] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:41.269] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:41.269] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:41.269] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:41.269] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:41.505] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP2.1727231967.jsonl|result:{"code": 1, "total_count": 20, "alert_count": 20, "abnormal_count": 20, "normal_count": 0, "timestamp": 1765332521269, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49213, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.990179628789841, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49207, 
"dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9840696405518794, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9952403705974404, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49209, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9892837232221853, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49211, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9903930428900941, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49215, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49206, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.996942041276261, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49208, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9466104554158971, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49202, "dest_port": 51119, "y_pred": 1, 
"y_pred_proba_max": 0.9742939516235932, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49210, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9663153021139226, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49201, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9859706429360936, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9944640734596082, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49200, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8459506814175894, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49214, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9963889675905823, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49204, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9920499818102524, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49205, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 
0.996258844166322, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49196, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49197, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9843356646814752, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49203, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9998348662958627, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49212, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9805945283495787, "2_count": 20, "2_sum": 20, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:41.505] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 20|max_alert: 1000 [2025-12-10 10:08:41.505] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:41.505] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:41.505] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:44.391] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25710 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020843Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1f41e9910891a0c5c81dbea00bdf28f7fff675e6b09e03ff1b2e2229adc4ebfc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:44.391] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:44.391] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:44.391] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:44.391] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:44.391] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:44.392] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:44.637] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID23-tls1.3CS4.8_mac_ubuntu_jdk_domain1.1726211358.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765332524392, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49874, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9876370849085667, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49862, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.993998746337398, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49863, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9901185710129757, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49865, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9973994455010247, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49868, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9999025551235928, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49875, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9966615696824686, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49877, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9468058447807375, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49871, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7764728055013342, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49861, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.9827068710039205, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49864, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.71921150619101, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49876, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.952977727642738, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49859, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49867, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9706477604099989, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9617252563225832, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49869, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9959248745706883, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49870, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.914970406475019, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49873, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9984619517211837, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49872, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.993074132962868, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49866, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9743059507492364, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:44.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-10 10:08:44.637] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:44.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:44.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:47.508] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24582 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl?X-Amz-Date=20251210T020846Z&X-Amz-Expires=604800&X-Amz-Signature=c89c0b4b799d873fe7542f793d840d8ffc151c49fedcbd982944b81cdb968d5c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:47.509] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:47.509] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:47.509] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:47.509] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:47.509] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:47.510] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:47.739] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_IP.1726209740.jsonl|result:{"code": 1, "total_count": 17, "alert_count": 17, "abnormal_count": 17, "normal_count": 0, "timestamp": 1765332527510, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49636, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9998476325444733, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49644, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9919179404311237, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49640, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.995109299634593, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49646, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.997903385505614, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49639, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8493997374881902, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49635, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9826517428931141, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49641, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9973106301578313, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49633, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49645, "dest_port": 
51119, "y_pred": 1, "y_pred_proba_max": 0.9995962586523489, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49638, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9848839800602204, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49648, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9997528086303855, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49647, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9728578823302751, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49637, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9990690373984977, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49634, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9848518244022456, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49649, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9799294573859498, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49642, "dest_port": 51119, "y_pred": 1, 
"y_pred_proba_max": 0.9991689155402528, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49643, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.937764546813778, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:47.739] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 17|max_alert: 1000 [2025-12-10 10:08:47.739] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:47.739] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:47.739] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:50.632] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25346 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=1b6d33c4a50b15f7f07628305d3b4c21dbcee8abe8ccb495fdc40de09dcb87ed&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020850Z"} [2025-12-10 10:08:50.632] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:50.632] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:50.632] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:50.632] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:50.632] [INFO] [tid:134145839584960] 
(AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:50.633] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:50.861] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID21-tls1.3CS4.8_mac_kali_jdk_IP1.1726212710.jsonl|result:{"code": 1, "total_count": 16, "alert_count": 16, "abnormal_count": 16, "normal_count": 0, "timestamp": 1765332530633, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50127, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9947485815446498, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50129, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.983151851486558, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50131, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9993986883604957, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50124, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9878386178448167, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50123, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9737056284005778, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, 
"src_port": 50128, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9934623185581525, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50122, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50125, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9902112973095163, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50132, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.937681800988194, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50126, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9886484413236557, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50134, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9891992744984781, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50135, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9780476306840957, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50136, "dest_port": 
51119, "y_pred": 1, "y_pred_proba_max": 0.96622869987999, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50133, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9997844571775872, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50130, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9610371025904593, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50137, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9813952725009292, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:50.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 16|max_alert: 1000 [2025-12-10 10:08:50.861] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:50.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:50.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:53.750] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25347 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=be58bf8bcf470dc235b0d0bffdb59d106b0fe4f2ce8332588887f65fddfb677f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020853Z"} [2025-12-10 10:08:53.750] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:53.750] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:53.750] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:53.750] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:53.750] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:53.751] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:53.982] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID78_Z_Godzilla_ekp1.0_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_58782_192-168-17-132_443.1726121356.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332533751, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 58782, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999574183819978, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:08:53.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:08:53.982] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:53.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:53.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:08:56.871] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25348 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7954f0b295e43a654b25b7d08ed15380ba564993329839f327b1be332dfa1a26&X-Amz-Date=20251210T020856Z"} [2025-12-10 10:08:56.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:56.871] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:56.872] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:56.872] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:56.872] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:56.872] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:08:57.108] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_IP1.1726212164.jsonl|result:{"code": 1, "total_count": 17, "alert_count": 17, "abnormal_count": 17, "normal_count": 0, "timestamp": 1765332536872, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49927, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9963965348634888, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49922, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9817476920454372, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49933, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9402817168674891, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49936, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9838284865500456, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49937, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49929, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9733069440917393, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49931, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9967945068710398, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49935, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9965269141866234, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49932, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9401520183286568, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49926, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9515147999731864, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49928, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9902081764450924, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49924, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9944142321188765, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49930, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9531053070566292, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.139", "protocol": 6, "src_port": 49921, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49923, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9857729476441964, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49925, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9771283269574098, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 49934, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9950751103140646, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:08:57.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 17|max_alert: 1000 [2025-12-10 10:08:57.108] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:08:57.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:08:57.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:08:59.986] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24583 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl?X-Amz-Signature=0aa9e5de29bc8af5e5f7824851f67ae0fca2edb885fad0d46cb3027b1dac0d82&X-Amz-Expires=604800&X-Amz-Date=20251210T020859Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:08:59.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:08:59.986] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:08:59.986] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:08:59.986] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:08:59.986] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:08:59.987] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:00.203] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.1726045043.jsonl|result:{"code": 1, "total_count": 3, "alert_count": 3, "abnormal_count": 3, "normal_count": 0, "timestamp": 1765332539987, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49265, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9812522998406604, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49263, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49264, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:00.203] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 3|max_alert: 1000 [2025-12-10 10:09:00.203] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:00.203] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:00.203] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:03.105] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24584 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=37c67c218cacfce9fa5d4897e2e2d371bb624a94fb2157a2788b1e27272152d0&X-Amz-Date=20251210T020902Z&X-Amz-Expires=604800"} [2025-12-10 10:09:03.105] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:03.105] [INFO] [tid:134145839584960] (AiModule.cpp:129) load 
so_code_gbm.so lib [2025-12-10 10:09:03.106] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:03.106] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:03.106] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:03.107] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:03.376] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49265.1726045050.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332543107, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49265, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9812522998406604, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:09:03.376] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:03.376] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:03.376] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:03.376] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:06.220] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24585 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020905Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f593b8b9536aa290f2cab0181079581d4fcc284653416ae50f6621045d188618&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:09:06.220] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:06.220] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:06.220] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:06.220] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:06.220] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:06.221] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:06.485] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43326.1726308998.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332546221, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43326, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999876455423057, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:09:06.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:06.486] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:06.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:06.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:09.336] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25711 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020908Z&X-Amz-Signature=d1b08a57ad699fc8aec877171fa8ddac6e56bd9fdd416a8271755e234aa55f87&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:09:09.336] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:09.336] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:09.336] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:09.336] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:09.336] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:09.337] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:09.554] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID77_Z_Godzilla_ekp1.1_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_35157_192-168-17-132_443.1726129243.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332549337, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 35157, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9998950168438167, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:09:09.554] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:09.554] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:09.554] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:09.554] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:12.458] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24586 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=902ddf329444b08dac1acf6517bb3048e228f9d81c5e2342878864dee22e3413&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020911Z&X-Amz-Expires=604800"} [2025-12-10 10:09:12.459] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:12.459] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:12.459] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:12.459] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:12.459] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:12.459] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:12.690] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain2.1726210973.jsonl|result:{"code": 1, "total_count": 15, "alert_count": 15, "abnormal_count": 15, "normal_count": 0, "timestamp": 1765332552459, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49757, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", 
"protocol": 6, "src_port": 49762, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9944806564828815, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49763, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9985098652045115, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49768, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9960257009844826, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49771, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9968349685447107, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49764, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9442600037540121, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49766, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9727535520750678, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49758, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9175623073199635, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 
49770, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9930917614551684, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49759, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9966380810784818, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49767, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9404902673522166, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49769, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961735166577794, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49761, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9858332370755758, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49765, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9283134044594631, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49760, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999777167544464, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:12.690] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 15|max_alert: 1000 
[2025-12-10 10:09:12.690] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:12.690] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:12.690] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:15.580] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24587 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020915Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1a14666fbfdc398e1bfba57fd0258df2cab767d33fa694678526271e83ef89a5"} [2025-12-10 10:09:15.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:15.580] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:15.581] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:15.581] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:15.581] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:15.582] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:15.780] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID75_godzilla_3.0.3_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36703_192-168-17-132_443.1726129505.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, 
"abnormal_count": 1, "normal_count": 0, "timestamp": 1765332555582, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 36703, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999233647484899, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:09:15.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:15.780] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:15.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:15.780] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:18.695] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24588 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020918Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=99b17e1efa403e9702fbc3efe8b70e21a9a2c43f1fa00a5e4889ea038cd0bfdf&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:09:18.695] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:18.695] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:18.695] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:18.695] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:18.695] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:18.696] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:18.931] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain1.1726129515.jsonl|result:{"code": 1, "total_count": 15, "alert_count": 13, "abnormal_count": 13, "normal_count": 2, "timestamp": 1765332558696, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34338, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6600152343992454, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58168, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5486665983652664, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50538, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6610424197399033, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43376, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5495919355088006, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58164, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5150716470914646, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50518, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5766166595943324, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34308, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 50524, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6328550763870058, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43408, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6608495747990313, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58182, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7825537526527392, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 43414, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.755307526352713, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 34324, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8598443676373912, 
"2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 58174, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7313231847218452, "2_count": 13, "2_sum": 15, "2_ratio": 0.8666666666666667, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:18.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 13|max_alert: 1000 [2025-12-10 10:09:18.931] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:18.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:18.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:21.833] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25712 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=908a3536c451dcbfa73a5b3be423189a27fa1677303a95e83ff081e161487c6e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020921Z"} [2025-12-10 10:09:21.833] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:21.833] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:21.833] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:21.834] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 
10:09:21.834] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:21.834] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:22.034] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.1726640074.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332561834, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49272, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9591897032018184, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:09:22.034] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:22.034] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:22.034] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:22.034] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:24.945] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24589 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl?X-Amz-Signature=6e0b5a85a5886aa173f35bad9b7d4f714589bad21133eae9cfcbd8e1eadcb358&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020924Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:09:24.945] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:24.946] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:24.946] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:24.946] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:24.946] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:24.947] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:25.146] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID74_godzilla_2.96_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_37337_192-168-17-132_443.1726129614.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332564947, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 37337, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9997048311722898, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:09:25.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:25.146] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:25.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:25.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:28.057] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25713 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020927Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=2a87d29073d720c4d88ff25585f6349e366d26f54fa1eef96e98d5180c9e32f3"} [2025-12-10 10:09:28.057] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:28.057] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:28.058] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:28.058] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:28.058] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:28.058] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:28.251] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_35992_192-168-17-132_443.1726129385.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332568058, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 35992, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999474031456436, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:09:28.251] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:28.251] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:28.251] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:28.251] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:31.173] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24590 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020930Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5cfc9dd38ccd9485c29595390138896420314dd3094ae27475059fcfca758dcb&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:09:31.173] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:31.173] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:31.173] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:31.173] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:31.173] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:31.174] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:31.405] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain1.1726130399.jsonl|result:{"code": 1, "total_count": 14, "alert_count": 12, "abnormal_count": 12, "normal_count": 2, "timestamp": 1765332571175, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33868, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7907536706029601, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 35934, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8765184103204687, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47654, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7026441794397728, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52856, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8234095922587584, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52870, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6149387055645753, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35948, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6346248737573055, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35930, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6710350924313606, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47642, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35960, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5298220609605865, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33840, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.836137429688432, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6415493894027886, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33858, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7389562922671952, "2_count": 12, "2_sum": 14, "2_ratio": 0.8571428571428571, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:31.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-10 10:09:31.405] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:31.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:31.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:34.286] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25349 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=eeae133b91812223f465561c3f51f65f064b1a89282e2984adfa0960f312b4de&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020933Z"} [2025-12-10 10:09:34.286] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:34.286] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:34.286] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:34.286] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:34.286] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:34.287] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:34.541] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_IP.1726130578.jsonl|result:{"code": 1, "total_count": 14, "alert_count": 10, "abnormal_count": 10, "normal_count": 4, "timestamp": 1765332574287, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36538, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", 
"protocol": 6, "src_port": 44036, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8465086067455839, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36554, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.679389337568846, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44022, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6728841833184426, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41988, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6932043396309915, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41972, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7506726691230895, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44024, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.5200589530455904, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44042, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6791167796113271, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 48286, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7498623734261112, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 41946, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.679443760457275, "2_count": 10, "2_sum": 14, "2_ratio": 0.7142857142857143, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:34.541] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 10|max_alert: 1000 [2025-12-10 10:09:34.541] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:34.541] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:34.541] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:37.386] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25350 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020936Z&X-Amz-Signature=b489091113843cc5938d377a559f68bf1171a21ae1a6738bec97bd755884fb68&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:09:37.386] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:37.386] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:37.387] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:37.387] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:37.387] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:37.387] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:37.587] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID63_godzillav3.03_php_linux-http-1.pcap.TCP_192-168-163-21_41979_192-168-163-23_80.1726207397.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332577387, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41979, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:37.587] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:37.587] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:37.587] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:37.587] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:40.499] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25714 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020939Z&X-Amz-Signature=2710a4d58e8d3b621f468baeb32dad4d440cbf02ebf26baa33e1163b11670973"} [2025-12-10 10:09:40.499] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:40.499] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:40.499] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:40.499] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:40.499] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:40.499] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:40.743] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain3.1726130530.jsonl|result:{"code": 1, "total_count": 14, 
"alert_count": 12, "abnormal_count": 12, "normal_count": 2, "timestamp": 1765332580500, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 32800, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6393447179540175, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51754, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6370738968028632, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 47816, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51482, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6781951466688778, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51766, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5230912463199346, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51470, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7510731897204698, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.135", "dest_ip": 
"185.125.190.98", "protocol": 6, "src_port": 55098, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51500, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7652886925783811, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51490, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6827157059025345, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51514, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7920714737387965, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 51740, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6726794156067787, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 32786, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8098754794129167, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:40.743] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-10 10:09:40.743] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 
10:09:40.743] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:40.743] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:43.620] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25715 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T020943Z&X-Amz-Signature=196b22c44744aee55538878d149dffcb3e62d59879f13ab9bdf052b2adb6e0ac&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:09:43.620] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:43.620] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:43.620] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:43.620] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:43.620] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:43.621] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:43.849] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain1.1726131491.jsonl|result:{"code": 1, "total_count": 13, "alert_count": 11, "abnormal_count": 11, "normal_count": 2, "timestamp": 1765332583621, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44542, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8068297264372905, 
"2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44528, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8546484507385572, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44532, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6223364314711629, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44526, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44546, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7162736456166379, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44548, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7977631881234646, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44550, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8396849465499099, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 44530, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8750001437745446, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44538, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7920813421502959, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44540, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5743813944301933, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44544, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7925224053903588, "2_count": 11, "2_sum": 13, "2_ratio": 0.8461538461538461, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:43.849] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-10 10:09:43.849] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:43.849] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:43.849] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:46.733] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24591 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=3e08b944961b4efcf9c6c20cfba11fffaead494ed730f7ba9cfdbed3d81aba22&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020946Z"} [2025-12-10 10:09:46.733] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:46.733] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:46.733] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:46.733] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:46.733] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:46.734] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:46.964] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain3.1726129632.jsonl|result:{"code": 1, "total_count": 13, "alert_count": 12, "abnormal_count": 12, "normal_count": 1, "timestamp": 1765332586734, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36982, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.645358975713871, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 36974, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7909008152122282, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56522, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7046661217476976, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36990, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5463985466238093, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 37004, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5915217816010709, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35730, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7117355304645763, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35708, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56490, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7423598538991082, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56494, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.844063156911654, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 56508, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7612030493876523, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 35710, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5372650123307994, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36992, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7173125752864901, "2_count": 12, "2_sum": 13, "2_ratio": 0.9230769230769231, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:46.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-10 10:09:46.964] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:46.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:46.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:49.848] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24592 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T020949Z&X-Amz-Signature=74ca68fb34c8b139c0555ad5e9c5284656b3fe8c3792a71831cf37f8f72cb109&X-Amz-SignedHeaders=host"} [2025-12-10 10:09:49.848] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:49.848] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:49.848] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:49.848] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:49.848] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:49.849] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:50.106] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_IP.1726132238.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765332589849, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53336, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.5295058357260812, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 53330, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8275845624305066, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53340, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8829184175754848, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53342, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6721624046725702, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53344, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6023557106412213, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53332, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6762638693132109, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53326, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7965803475820881, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53334, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7442508309553904, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53338, "dest_port": 
51119, "y_pred": 1, "y_pred_proba_max": 0.7490687046424453, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53324, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.645743054285468, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53322, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53328, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7774317609580008, "2_count": 12, "2_sum": 12, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:50.106] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-10 10:09:50.106] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:50.106] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:50.106] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:09:52.960] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24593 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl?X-Amz-Signature=88e51ef038299707ad9d1a83d6ae5b43a1995aca03004f159e3d77df9517404e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T020952Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:09:52.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:52.960] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:52.961] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:52.961] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:52.961] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:52.962] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:53.159] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID73_godzilla_1.10_aspx_windowsserver2008r2_https.pcap.TCP_192-168-17-1_38046_192-168-17-132_443.1726129728.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332592962, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 38046, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999535734564688, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:09:53.159] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:09:53.159] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:53.159] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:53.159] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:56.072] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25716 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T020955Z&X-Amz-SignedHeaders=host&X-Amz-Signature=40509144af52c45ff1162d374f153a77ff159222264162e8f34e3ca5c81f004c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:09:56.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:56.073] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:56.073] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:56.073] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:56.073] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:56.073] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:56.296] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain2.1726132156.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 11, "abnormal_count": 11, "normal_count": 1, "timestamp": 1765332596073, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44884, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9062125665453248, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44878, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7886796948345814, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44880, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7927806494649347, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44876, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44888, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7618044728672403, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44896, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.656546421625667, "2_count": 11, "2_sum": 12, 
"2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44898, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6767071500659454, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44886, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7458259782927552, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44882, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8540260068036141, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44890, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6809353544552849, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44892, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8347860719091235, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:56.296] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-10 10:09:56.296] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:56.296] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:09:56.296] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:09:59.187] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24594 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=03188f7326c111ac439e17eba4863dbdedb96dcd0d6f16bebd54acdbb3442628&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T020958Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:09:59.187] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:09:59.187] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:09:59.187] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:09:59.187] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:09:59.187] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:09:59.188] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:09:59.418] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain3.1726132198.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 11, "abnormal_count": 11, "normal_count": 1, "timestamp": 1765332599188, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44920, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6185975560935816, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44906, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.79266736051479, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44908, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7313392605554522, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44914, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7921735825556696, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44916, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7820979762504217, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44900, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44904, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7747396296208913, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44902, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5604761186120011, 
"2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44922, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7216490316609567, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44912, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6941403930190175, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44918, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7741551259482969, "2_count": 11, "2_sum": 12, "2_ratio": 0.9166666666666666, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:09:59.418] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-10 10:09:59.418] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:09:59.418] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:09:59.418] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:02.295] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24595 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl?X-Amz-Signature=e0e68f817f6683a315b0ab67b0d865cdf4e3bbb59724e58d00937932b0089449&X-Amz-Date=20251210T021001Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:10:02.295] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:02.295] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:02.295] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:02.295] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:02.295] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:02.296] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:02.493] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41508_192-168-163-23_443.1726205247.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332602296, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41508, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999987675667605, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:10:02.493] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:02.493] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:02.493] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:02.493] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:05.405] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25351 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=92941660bb89390ef90b7336ea7b25a79697268ccfabf8e89e2700a929da857c&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021004Z"} [2025-12-10 10:10:05.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:05.405] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:05.405] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:05.405] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:05.405] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:05.406] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:05.605] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41822_192-168-163-23_443.1726206667.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332605406, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41822, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999919931098776, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:10:05.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:05.605] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:05.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:05.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:08.516] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25352 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021008Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ea0c5d7efc73a9ae6bd7fb13f79a6a70153219cd657b617d43f545a0d250eab0"} [2025-12-10 10:10:08.516] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:08.516] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:08.516] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:08.516] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:08.517] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:08.517] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:08.714] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43324.1726308973.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332608517, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43324, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.999997832056583, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:10:08.714] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:08.714] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:08.714] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:08.714] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:11.628] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25717 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl?X-Amz-Date=20251210T021011Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f12dc5f7b3545ddcbab121c91935e39a4024527cf2d23a6f1e46cf58f7d00c88"} [2025-12-10 10:10:11.628] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:11.628] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:11.629] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:11.629] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:11.629] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:11.630] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:11.854] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_IP.1726131737.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 
12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765332611630, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53140, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8968716698408362, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.135", "dest_ip": "91.189.91.96", "protocol": 6, "src_port": 54536, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53136, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7814608671479711, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53150, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8207331555503071, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53128, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53132, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.9364716586007662, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53148, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.6466553657828094, "2_count": 
11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53130, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.7742272817050536, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53142, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8327380929202352, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53146, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8520693922460204, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53144, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8833097034151282, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53138, "dest_port": 51119, "y_pred": 1, "y_pred_proba_max": 0.8361061171770977, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:11.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-10 10:10:11.854] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:11.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:11.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:14.740] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25353 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl?X-Amz-Date=20251210T021014Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5474350f65d07ad58c7d18e00888f5daf5a0d08a017c9291977db2ced38cb455&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:10:14.740] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:14.740] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:14.740] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:14.740] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:14.740] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:14.741] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:14.964] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID32-tls1.2CS4.8_ubuntu_ubuntu_openjdk_domain2.1726129584.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765332614741, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52090, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 52104, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5820294787660791, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45860, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.809274256789188, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.135", "dest_ip": "185.125.190.98", "protocol": 6, "src_port": 40916, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45862, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8844120553728769, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33044, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7244387815839199, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33056, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6308113658289384, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33072, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6961407686164033, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 45844, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8579854060527151, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 33074, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5467283177738326, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 52112, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7399493449817247, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 45842, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.592268158808573, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:14.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-10 10:10:14.964] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:14.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:14.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:17.851] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25718 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021017Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=57ffc4c8d81e6605669e720ed7f35ee22289a1801335672feda6c272802ce4e7&X-Amz-Expires=604800"} [2025-12-10 10:10:17.851] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:17.851] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:17.851] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:17.851] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:17.851] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:17.851] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:18.076] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain2.1726131653.jsonl|result:{"code": 1, "total_count": 11, "alert_count": 10, "abnormal_count": 10, "normal_count": 1, "timestamp": 1765332617851, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44670, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": 
"192.168.112.135", "protocol": 6, "src_port": 44688, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7281417241208992, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44672, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7380767260451542, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44674, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5292865548688473, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44676, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8180514423474531, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44682, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.669473353317389, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44686, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6349527326831262, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44678, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5883169217082974, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44680, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8038337568942928, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44690, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8306985001593715, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:18.076] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 10|max_alert: 1000 [2025-12-10 10:10:18.076] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:18.076] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:18.076] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:20.952] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25354 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=6e67ea58049f0c0bec93dd7f571699de8a6b57b2ffae9c389b65455499b61809&X-Amz-Date=20251210T021020Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:10:20.952] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:20.952] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:20.952] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:20.952] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:20.952] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:20.952] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:21.184] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41292_192-168-163-23_80.1726204011.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332620953, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41292, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:21.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:21.184] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:21.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:21.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:24.053] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25719 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl?X-Amz-Signature=0e8974be84b1f9b4955e421c592f912555e8569f43424f41a1013c385a2806f7&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021023Z&X-Amz-Expires=604800"} [2025-12-10 10:10:24.053] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:24.053] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:24.053] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:24.053] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:24.053] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:24.054] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:24.250] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41718_192-168-163-23_80.1726206182.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332624054, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41718, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:24.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:24.250] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:24.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:24.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:27.158] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24596 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b8e796e3e0af701ff4fc86ef624f87930b79dcfcc19e8255c9ff37af3760bdb1&X-Amz-Expires=604800&X-Amz-Date=20251210T021026Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:10:27.158] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:27.158] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:27.158] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:27.158] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:27.158] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:27.159] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:27.361] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62918_172-28-211-96_8443.1726646627.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332627159, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62918, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999831835191105, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:10:27.361] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:27.361] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:27.361] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:27.361] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:30.270] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24597 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=ebe9396fef400435c9865898effac1168f10beb53a087e019b1adb8867e26fa1&X-Amz-Date=20251210T021029Z"} [2025-12-10 10:10:30.270] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:30.270] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:30.270] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:30.270] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:30.270] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:30.271] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:30.498] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID27-tls1.2CS4.8_centos_kali_jdk_domain3.1726131696.jsonl|result:{"code": 1, "total_count": 10, "alert_count": 
8, "abnormal_count": 8, "normal_count": 2, "timestamp": 1765332630271, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44708, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8359322785511986, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44704, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7534169804090481, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44700, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44706, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7759759313861461, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44712, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7836784041256035, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44718, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7259855494185945, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44716, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8524267391018969, 
"2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44714, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6391600432398261, "2_count": 8, "2_sum": 10, "2_ratio": 0.8, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:30.498] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 8|max_alert: 1000 [2025-12-10 10:10:30.498] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:30.498] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:30.498] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:33.381] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25355 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a5a2e7f0f7261fb3df95205ffc5366a803778b3183db4548e6a5eb58fd7e9318&X-Amz-Expires=604800&X-Amz-Date=20251210T021032Z"} [2025-12-10 10:10:33.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:33.382] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:33.382] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:33.382] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:33.382] [INFO] [tid:134145839584960] 
(AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:33.382] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:33.609] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID28-tls1.2CS4.8_centos_kali_openjdk_domain1.1726132102.jsonl|result:{"code": 1, "total_count": 10, "alert_count": 10, "abnormal_count": 10, "normal_count": 0, "timestamp": 1765332633382, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44842, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6957495068889487, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44852, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7941063337160675, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44846, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6469662190462722, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44836, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44840, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7303939128023762, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 
6, "src_port": 44848, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8577944376622961, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44844, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8904617241740531, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44850, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6907793735712409, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44838, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5549799479091682, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.136", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 44854, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8649753129761104, "2_count": 10, "2_sum": 10, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:33.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 10|max_alert: 1000 [2025-12-10 10:10:33.609] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:33.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:33.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:36.492] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24598 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021035Z&X-Amz-Signature=ac78ff8a6da108488a1b8b389409a660508287be40de88c15cf95bc93b5aebce&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:10:36.492] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:36.492] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:36.492] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:36.492] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:36.492] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:36.492] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:36.714] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID31-tls1.2CS4.8_ubuntu_ubuntu_jdk_domain2.1726130487.jsonl|result:{"code": 1, "total_count": 10, "alert_count": 7, "abnormal_count": 7, "normal_count": 3, "timestamp": 1765332636492, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 36998, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.910731468640802, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 
6, "src_port": 37014, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8351820553379743, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54386, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8545308495946718, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54358, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.49381248622124246, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 38764, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54372, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.878562954767242, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.140", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 54360, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5824559064294447, "2_count": 7, "2_sum": 10, "2_ratio": 0.7, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:36.714] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-10 10:10:36.714] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:36.714] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:10:36.714] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:39.593] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25356 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl?X-Amz-Signature=3fb4f61771335025c7e07526a364ec4c52c2d0f278fe56ae1bae1a56f4f97c05&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021039Z&X-Amz-Expires=604800"} [2025-12-10 10:10:39.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:39.593] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:39.593] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:39.593] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:39.593] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:39.594] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:39.787] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62608_172-28-211-96_8080.1726644126.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332639594, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62608, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:39.787] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:39.787] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:39.787] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:39.787] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:42.701] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25720 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7cda128162b4ef3705b349bef5070a25a20ffe480f02f3b83185c738e6beede6&X-Amz-Date=20251210T021042Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:10:42.701] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:42.701] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:42.701] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:42.701] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:42.701] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:42.702] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:42.903] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62980.1727519637.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332642702, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62980, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999936808638287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:42.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:42.903] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:42.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:42.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:45.809] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25721 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021045Z&X-Amz-Signature=980fd524b2d636075736d1bc796d4e3abdf39ffd3773b6a35af84d2e2c87b679&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:10:45.809] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:45.809] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:45.810] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:45.810] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:45.810] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:45.810] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:46.020] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62113.1727518664.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332645810, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62113, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999761264915185, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:46.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:46.020] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:46.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:46.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:48.918] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25722 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=68bbf8e7088e94d06c3741a67ba32e8fbb39d5e95a55e0e5bd7135dcc1bc4b3f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021048Z"} [2025-12-10 10:10:48.918] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:48.918] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:48.918] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:48.918] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:48.918] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:48.918] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:49.119] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50940.1727436527.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332648918, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50940, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999997286303893, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:49.119] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:49.120] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:49.120] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:49.120] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:52.021] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25357 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021051Z&X-Amz-Signature=ab6eb21a0635a1aa6c2b51165bd4221d9afceec1054eb946df955472361dd6db"} [2025-12-10 10:10:52.021] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:52.021] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:52.021] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:52.021] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:52.021] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:52.022] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:52.220] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62935_172-28-211-96_8443.1726646726.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332652022, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62935, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.99999987360216, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:10:52.220] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:52.220] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:52.220] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:52.220] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:10:55.130] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25358 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021054Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d9cac3728dd491705bf2dffa40b214f9be498bb2c75ee0488ff6f04cfbaff368"} [2025-12-10 10:10:55.130] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:55.130] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:55.130] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:55.130] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:55.130] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:55.131] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:55.379] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63540.1727520252.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332655131, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63540, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999926552861899, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:55.379] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:55.379] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:55.379] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:55.379] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:10:58.231] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25359 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021057Z&X-Amz-Expires=604800&X-Amz-Signature=c102fda01c4eae0d434b5a9cd798eca70e3e64e56051a6e0c3e0c9cfe4d33391&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:10:58.231] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:10:58.232] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:10:58.232] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:10:58.232] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:10:58.232] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:10:58.233] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:10:58.425] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63357.1727520061.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332658233, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63357, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:10:58.425] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:10:58.425] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:10:58.425] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:10:58.425] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:01.333] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25723 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl?X-Amz-Expires=604800&X-Amz-Signature=8aca232e511f49d579b98f827783b78a7c6a464ec40e01bae53edb66d908fda7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021100Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:11:01.333] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:01.333] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:01.333] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:01.333] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:01.333] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:01.334] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:01.531] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62813.1727519464.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332661335, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62813, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:01.531] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:01.531] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:01.531] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:01.531] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:11:04.435] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25724 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021103Z&X-Amz-Signature=c22bf4092c7f195627d3174ed7506ce928cda6f16b6c73fe617ae247edb586e8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:11:04.435] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:04.435] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:04.435] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:04.435] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:04.435] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:04.436] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:04.637] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61694.1727518196.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332664436, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61694, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:04.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:04.638] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:04.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:04.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:07.536] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24599 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021107Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=15c68c42fdec5bd247e120dcc42230227f9ef4dcf509edfaab7ddb09661e4866"} [2025-12-10 10:11:07.536] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:07.536] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:07.536] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:07.536] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:07.536] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:07.536] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:07.731] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50566.1727436123.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332667536, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50566, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:07.731] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:07.731] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:07.731] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:07.731] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:11:10.638] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25360 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021110Z&X-Amz-Signature=259ea9d5eb0c0c837a315898c38f2545a52896efa96a2216b2bcac91fd8308fb"} [2025-12-10 10:11:10.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:10.638] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:10.639] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:10.639] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:10.639] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:10.639] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:10.834] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62936_172-28-211-96_8443.1726646726.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332670639, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62936, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999979901782339, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:11:10.834] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:10.834] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:10.834] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:10.834] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:13.744] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24600 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl?X-Amz-Date=20251210T021113Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7edc663f906f9f1f17ddfb12280992eaf9ba887750bbc685d3755f3b9bb0353f&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:11:13.744] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:13.744] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:13.744] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:13.744] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:13.744] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:13.745] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:13.946] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11102.1726283919.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332673745, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11102, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999995257547307, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:11:13.946] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:13.946] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:13.946] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:13.946] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:11:16.846] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25725 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl?X-Amz-Signature=ae7ab190c7ea73b2ffdb84fbbec10d632c1a6e6f52c40abcf2dd7693d431a7aa&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021116Z"} [2025-12-10 10:11:16.846] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:16.846] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:16.846] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:16.846] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:16.846] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:16.847] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:17.050] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62622_172-28-211-96_8080.1726644233.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332676847, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62622, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:17.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:17.050] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:17.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:17.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:19.948] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25726 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021119Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c16735ac68c6ae7dcfd0756c3d5285f726341b6800fadc81d51f29d630692d6e"} [2025-12-10 10:11:19.948] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:19.948] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:19.948] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:19.948] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:19.948] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:19.949] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:20.158] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62953_172-28-211-96_8443.1726646865.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332679949, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62953, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999663492243163, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:11:20.158] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:20.158] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:20.158] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:20.158] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:11:23.054] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24601 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl?X-Amz-Signature=131fa0c9cd5ff1b6bf7705cef4e4059aaf8f53140c1fa04d345ec5ee2095c4b7&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021122Z"} [2025-12-10 10:11:23.054] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:23.054] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:23.055] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:23.055] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:23.055] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:23.055] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:23.263] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50936.1727436524.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332683055, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50936, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999989074445264, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:23.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:23.263] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:23.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:23.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:26.159] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25361 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl?X-Amz-Date=20251210T021125Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=822e4b3082792bcfa4ee7956578e7b063bc7d7c96322e63ac3b19d4239a618d5&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:11:26.160] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:26.160] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:26.160] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:26.160] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:26.160] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:26.160] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:26.322] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62976.1727519635.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332686160, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62976, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999884237372928, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:26.322] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:26.322] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:26.322] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:26.322] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:11:29.265] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25727 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021128Z&X-Amz-SignedHeaders=host&X-Amz-Signature=81c7d3d7304afd80fd011fc2064fa4817cc2f3ff9cdd2053c0bf35f0c89a111e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:11:29.265] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:29.265] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:29.265] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:29.265] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:29.265] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:29.266] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:29.419] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_4433_111-53-218-171_11619.1726284624.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332689266, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11619, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.999998206014365, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:11:29.420] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:29.420] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:29.420] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:29.420] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:32.375] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25362 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ada7ccdb58e5b45f96c2084fba405fa9dcc9042ed79dc86ef7cbf338169ead0b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021131Z"} [2025-12-10 10:11:32.375] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:32.375] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:32.375] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:32.375] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:32.375] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:32.375] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:32.534] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62111.1727518662.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332692376, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62111, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999983009325566, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:32.534] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:32.534] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:32.534] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:32.534] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:11:35.481] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25728 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl?X-Amz-Date=20251210T021134Z&X-Amz-Signature=492b113bdadb1d8ac353eaf721d4d2b450dcbfc2bfc2da5a499508bbcbf82a6d&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:11:35.481] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:35.481] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:35.481] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:35.481] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:35.481] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:35.481] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:35.641] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63537.1727520249.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332695481, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63537, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999969505773867, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:35.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:35.641] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:35.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:35.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:38.588] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25363 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl?X-Amz-Signature=c960974fb73665862efd11ab4fe28188e1abd17c76d0fd539d5f9a0b74eb4f23&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021138Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:11:38.588] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:38.588] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:38.588] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:38.588] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:38.588] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:38.588] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:38.757] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1726816453.jsonl|result:{"code": 1, 
"total_count": 7, "alert_count": 7, "abnormal_count": 7, "normal_count": 0, "timestamp": 1765332698588, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51867, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8704952835928917, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51864, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9406154167358071, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51870, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9153528874092203, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51865, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5080692700085622, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51871, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5734997034085443, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51868, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.67716028710914, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51862, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8621027184790087, 
"2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:11:38.757] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-10 10:11:38.757] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:38.757] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:38.757] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:41.694] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24602 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1d017d5aeaee14650c2843f162cb9bffc2999a68f26d950f170cff047e2814d3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021141Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:11:41.694] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:41.694] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:41.694] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:41.694] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:41.694] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:41.695] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:41.903] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_IP.1726795336.jsonl|result:{"code": 1, "total_count": 7, "alert_count": 7, "abnormal_count": 7, "normal_count": 0, "timestamp": 1765332701695, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51109, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7797161693223945, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51115, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6497119181245019, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51112, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5651993738764558, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51114, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9777326623147766, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51106, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.715040822249808, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51111, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.916775698659375, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51108, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8392515804044033, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:11:41.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-10 10:11:41.903] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:41.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:41.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:44.800] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24603 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl?X-Amz-Signature=f9f0000407b8e5e42e9eed30751aa06db225418a2a6100e4f6d988dbf01987bd&X-Amz-Date=20251210T021144Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:11:44.800] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:44.800] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:44.800] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:44.800] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:44.800] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:44.801] [INFO] [tid:134145839584960] (AiModule.cpp:158) 
load result:0 [2025-12-10 10:11:45.016] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID34-tls1.2CS4.8_windowsserver2008_kali_openjdk_domain.1726799420.jsonl|result:{"code": 1, "total_count": 7, "alert_count": 7, "abnormal_count": 7, "normal_count": 0, "timestamp": 1765332704801, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51216, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.84095193599556, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51221, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.9473445349389896, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51224, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8517472665546844, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51225, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.6130112177499187, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51219, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.675247694982502, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51222, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.8209179403780051, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51218, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8795958530980557, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:11:45.016] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-10 10:11:45.016] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:45.016] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:45.016] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:47.908] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25729 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021147Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=857afba2335a1dd827d9976978c94643722c87f83ec6151a08d3a93311c9aa66"} [2025-12-10 10:11:47.908] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:47.908] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:47.908] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:47.908] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:47.908] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load 
[2025-12-10 10:11:47.909] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:48.079] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID33-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1726813550.jsonl|result:{"code": 1, "total_count": 7, "alert_count": 7, "abnormal_count": 7, "normal_count": 0, "timestamp": 1765332707909, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51771, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9958367333381308, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51762, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.865003353805995, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51765, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9918547827309265, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51767, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9438503413518589, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51768, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.914844091541431, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51770, "dest_port": 446, "y_pred": 3, 
"y_pred_proba_max": 0.7144807820989244, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51764, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.9325163085458639, "2_count": 7, "2_sum": 7, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:11:48.079] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 7|max_alert: 1000 [2025-12-10 10:11:48.079] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:48.079] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:48.079] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:51.010] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24604 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021150Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=5e28f3f9d528828d40950b702a1d0e8b868aef669f6eea495c17508a5d047361"} [2025-12-10 10:11:51.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:51.010] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:51.010] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:51.010] [INFO] 
[tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:51.010] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:51.010] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:51.165] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50563.1727436120.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332711011, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50563, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:51.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:51.165] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:51.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:51.165] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:11:54.111] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24605 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl?X-Amz-Date=20251210T021153Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=93b0734bfe79656d48b6dc0bd389c15a7f00e6c88ccfd682de2c0c11f065838f"} [2025-12-10 10:11:54.111] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:54.111] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:54.111] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:54.111] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:54.111] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:54.112] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:54.298] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62811.1727519462.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332714112, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62811, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:54.298] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:54.298] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:54.298] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:54.298] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:11:57.214] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24606 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl?X-Amz-Signature=e26a925225845f1a3882cd6ed0f4ff3308924d7747cddb491fe7a1f5e0cf0aed&X-Amz-Date=20251210T021156Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:11:57.214] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:11:57.214] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:11:57.214] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:11:57.214] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:11:57.214] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:11:57.214] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:11:57.374] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63355.1727520059.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332717214, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63355, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:11:57.374] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:11:57.374] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:11:57.374] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:11:57.374] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:00.316] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25730 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl?X-Amz-Expires=604800&X-Amz-Signature=03b3f0addec560f16cefe0b60422183b816a4eea6d15aed7da2278f717ca15f7&X-Amz-Date=20251210T021159Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:12:00.316] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:00.316] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:00.316] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:00.316] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:00.316] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:00.316] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:00.471] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61690.1727518193.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332720316, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61690, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:00.471] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:00.471] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:00.471] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:00.471] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:03.419] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25731 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=992423520627a64d9587fbc465c815e3c90120726aeef8272cbbb7a1e4014ba8&X-Amz-Date=20251210T021202Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:12:03.419] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:03.419] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:03.420] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:03.420] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:03.420] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:03.420] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:03.578] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62740_172-28-211-96_8443.1726645187.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332723420, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62740, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9998478752076382, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:12:03.578] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:03.578] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:03.578] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:03.578] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:06.524] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25364 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=627a3673f64d9a7d24ebf8120e488dd3903601fa743ce781b6c2efec34410760&X-Amz-Date=20251210T021206Z"} [2025-12-10 10:12:06.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:06.524] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:06.524] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:06.524] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:06.524] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:06.524] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:06.729] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25209_192-168-52-129_443.1725956951.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332726524, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 25209, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999966233687475, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:12:06.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:06.729] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:06.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:06.729] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:09.628] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25732 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d6cbc662c31524ec6bd333fb841cbee66ba92504be7f6f53015a2ce378065397&X-Amz-Date=20251210T021209Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:09.628] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:09.628] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:09.628] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:09.628] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:09.628] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:09.629] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:09.829] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43323.1726308966.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332729629, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43323, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.99999845215055, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:12:09.829] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:09.829] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:09.829] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:09.829] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:12.733] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24607 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=62d196b3df34ce7cce644a4749a5ec6a1a576ae0cbbbe90f94a6b6123f454200&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021212Z"} [2025-12-10 10:12:12.733] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:12.733] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:12.733] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:12.733] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:12.733] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:12.733] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:12.933] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11098.1726283912.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332732733, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11098, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999901824318602, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:12:12.933] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:12.933] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:12.933] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:12.933] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:15.834] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25733 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl?X-Amz-Date=20251210T021215Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6ff860304fdfba26a76a3993c763ccb42936724df4b569446e77680cebdfb8b4"} [2025-12-10 10:12:15.835] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:15.835] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:15.835] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:15.835] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:15.835] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:15.835] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:16.032] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62395_172-28-211-96_8080.1726642569.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332735835, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62395, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:16.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:16.032] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:16.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:16.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:18.939] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25365 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ce33f7221a2bf4548546ce7084ab291a9eba8a8901170fb2c495aec173eaccba&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021218Z"} [2025-12-10 10:12:18.939] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:18.939] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:18.939] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:18.939] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:18.939] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:18.939] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:19.136] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_https.pcap.TCP_192-168-32-1_53296_192-168-32-40_443.1726127499.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332738939, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 53296, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999996543225842, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:12:19.136] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:19.136] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:19.136] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:19.136] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:22.040] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25366 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=184d3ed1a469fd7eace8f42e846d88fc418d498a79817440edb6f9adcc596949&X-Amz-Expires=604800&X-Amz-Date=20251210T021221Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:22.040] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:22.040] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:22.040] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:22.040] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:22.040] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:22.041] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:22.233] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62482_172-28-211-96_8080.1726643269.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332742042, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62482, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:22.233] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:22.233] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:22.233] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:22.233] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:25.142] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25367 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl?X-Amz-Expires=604800&X-Amz-Signature=6e0a202fa5bd4d488bb661b031988a0379f9a3be7f238206624a46d4f1398224&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021224Z"} [2025-12-10 10:12:25.142] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:25.142] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:25.142] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:25.142] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:25.142] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:25.142] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:25.336] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62436_172-28-211-96_8080.1726642849.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332745142, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62436, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:25.336] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:25.336] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:25.336] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:25.336] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:28.244] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25734 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl?X-Amz-Signature=c070327cc877f2f716213dd30812d345f7ac7008f37f8a16e6cf98eb0f64edba&X-Amz-Expires=604800&X-Amz-Date=20251210T021227Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:28.244] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:28.244] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:28.244] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:28.244] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:28.244] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:28.244] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:28.471] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62453_172-28-211-96_8080.1726642989.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332748244, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62453, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:28.471] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:28.471] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:28.471] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:28.471] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:31.344] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24608 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6d324f0ddef7ebecbf0bd63524b7a080ae8d93843b818179069ee7f3c64474e6&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021230Z&X-Amz-Expires=604800"} [2025-12-10 10:12:31.345] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:31.345] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:31.345] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:31.345] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:31.345] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:31.346] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:31.543] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62447_172-28-211-96_8080.1726642946.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332751346, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62447, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:31.543] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:31.543] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:31.543] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:31.543] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:34.446] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25735 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=10efd161e24f73f9bbf902abec353e8375eca5075e4b42ce4f29484ee8f2d65d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021233Z&X-Amz-Expires=604800"} [2025-12-10 10:12:34.446] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:34.446] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:34.447] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:34.447] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:34.447] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:34.448] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:34.646] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID79_antsword_2.1.8.1_php_http.pcap.TCP_192-168-32-1_58000_192-168-32-40_80.1726196734.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332754448, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.1", "dest_ip": "192.168.32.40", "protocol": 6, "src_port": 58000, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:34.646] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:34.646] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:34.646] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:34.646] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:37.551] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25736 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl?X-Amz-Signature=807dc13db9b1f85c5618470359ff80e390985814e6dc24bb258934741fde1f3e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021237Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:12:37.551] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:37.551] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:37.552] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:37.552] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:37.552] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:37.552] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:37.746] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62986.1727519643.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332757552, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62986, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999966907052797, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:37.746] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:37.746] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:37.746] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:37.746] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:40.655] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25368 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021240Z&X-Amz-Expires=604800&X-Amz-Signature=0dee66f17d184cbd6adce1048462a6c066178cd334afe27f974b8045802116a7&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:40.656] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:40.656] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:40.656] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:40.656] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:40.656] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:40.656] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:40.854] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62121.1727518671.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332760656, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62121, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999986040521287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:40.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:40.854] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:40.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:40.854] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:43.759] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25369 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl?X-Amz-Date=20251210T021243Z&X-Amz-Signature=edab3c4db042f197bb620c2e832cfe27b91105a32f1062131fbbf4a051088113&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:43.759] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:43.759] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:43.760] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:43.760] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:43.760] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:43.760] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:43.958] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50946.1727436533.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332763760, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50946, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999984354851469, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:43.958] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:43.958] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:43.958] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:43.958] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:46.862] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25370 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021246Z&X-Amz-Signature=387b27ca35e92436548d0376798de7da27d21fee4d2e8c7013592c5f6f7a13c8&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:46.862] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:46.862] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:46.863] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:46.863] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:46.863] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:46.863] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:47.111] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51146.1726796463.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332766864, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51146, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:47.111] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:47.111] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:47.111] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:47.111] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:49.964] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25371 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021249Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0665bcded49a101b73364915a90c350f621793cd67d9f93438e29fe8a49234d9&X-Amz-SignedHeaders=host"} [2025-12-10 10:12:49.964] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:49.964] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:49.965] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:49.965] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:49.965] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:49.966] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:50.161] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51804.1726814723.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332769966, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51804, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:50.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:50.161] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:50.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:50.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:53.067] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25737 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021252Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c68adbdfc222f54128a0f1ff01b7def356fbccb1aab726d9ffe63e4770c548cd"} [2025-12-10 10:12:53.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:53.067] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:53.068] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:53.068] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:53.068] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:53.068] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:53.261] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-137_22_192-168-126-139_51901.1726817548.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332773068, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51901, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:53.261] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:53.261] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:53.261] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:53.261] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:12:56.169] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25738 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021255Z&X-Amz-SignedHeaders=host&X-Amz-Signature=110c00746c4d4cb185203ac14adcdd778b52f21b806111f30bed59050e33897e"} [2025-12-10 10:12:56.169] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:56.169] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:56.169] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:56.169] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:56.169] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:56.169] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:56.362] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-137_22_192-168-126-139_51264.1726800660.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332776169, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51264, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:56.362] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:56.362] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:56.362] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:56.362] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:12:59.274] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25372 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl?X-Amz-Signature=d91b61e19cf6c1f96c6d25feef3365f24bbf9c236d8651b25959f5c964b47c32&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021258Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:12:59.274] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:12:59.274] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:12:59.274] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:12:59.274] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:12:59.274] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:12:59.275] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:12:59.485] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43405_192-168-37-136_8443.1727255896.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332779275, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43405, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999907105433089, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:12:59.485] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:12:59.485] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:12:59.485] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:12:59.485] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:02.442] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24609 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021301Z&X-Amz-Signature=ce4523464b8da8e008c9c749a8bd1e6c7cba5c55ed1126d953c5a63a01782fdf&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:13:02.443] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:02.443] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:02.443] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:02.443] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:02.443] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:02.444] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:02.677] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.1726050776.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332782444, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50482, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.45310155500515314, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 
10:13:02.677] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:02.678] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:02.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:02.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:05.546] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25373 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021305Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1f4743add885324a0c5389899e2ee281b3023c2011ac16230f92c0486e70a69a"} [2025-12-10 10:13:05.546] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:05.546] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:05.546] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:05.546] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:05.546] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:05.547] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:05.743] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43325.1726308992.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332785548, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43325, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999997790801334, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:13:05.743] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:05.743] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:05.743] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:05.743] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:08.651] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25374 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021308Z&X-Amz-Expires=604800&X-Amz-Signature=fe58bddf68b02613cc3c77428ee81a45eb44b11853ca58f461db277a2ccffa61&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:13:08.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:08.651] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:08.652] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:08.652] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:08.652] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:08.653] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:08.908] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43404_192-168-37-136_8443.1727255892.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332788653, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43404, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.999950120118117, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:08.908] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:08.908] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:08.908] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:08.908] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:11.754] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24610 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl?X-Amz-Expires=604800&X-Amz-Signature=d617446529630328c5a698c1dfb3c848d7498ada3981900a6e8b73d86e180355&X-Amz-Date=20251210T021311Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:13:11.754] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:11.754] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:11.755] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:11.755] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:11.755] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:11.755] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:11.951] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63545.1727520257.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332791755, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63545, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999915605102992, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:11.951] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:11.951] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:11.951] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:11.951] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:14.856] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24611 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=05a3b878993009b3c4bcc851d2afe7cada31f1dd50b55dc7efce9430a8e77d72&X-Amz-Date=20251210T021314Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:13:14.856] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:14.857] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:14.857] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:14.857] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:14.857] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:14.857] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:15.051] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62462_192-168-0-202_8080.1726715909.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332794857, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.0.3", "dest_ip": "192.168.0.202", "protocol": 6, "src_port": 62462, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:15.051] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:15.051] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:15.051] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:15.051] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:17.960] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24612 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021317Z&X-Amz-Expires=604800&X-Amz-Signature=b261424476679ffd7f1f796265e6db08c1e058a9a5dfde92b7570eca51ad2373&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:13:17.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:17.960] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:17.960] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:17.960] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:17.960] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:17.961] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:18.164] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43406_192-168-37-136_8443.1727255901.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332797961, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43406, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999835855763487, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:18.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:18.164] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:18.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:18.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:21.063] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24613 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=36c6f2d462217da87cc7e1aa734c1ac65f0828b6afb65dc7130f87851a12f2bf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021320Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:13:21.063] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:21.063] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:21.064] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:21.064] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:21.064] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:21.065] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:21.261] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50930.1727436517.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332801065, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50930, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999949518150368, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:21.261] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:21.261] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:21.261] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:21.261] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:24.167] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25375 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl?X-Amz-Signature=5977ff0f8d6361984da9adc487ffed994c44403398446d3f76ed668bd1512ffa&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021323Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:13:24.167] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:24.167] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:24.167] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:24.167] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:24.167] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:24.168] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:24.363] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43403_192-168-37-136_8443.1727255889.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332804168, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43403, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999741843451192, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:24.363] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:24.363] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:24.363] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:24.363] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:27.270] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25376 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl?X-Amz-Signature=d4560235779b1782a30fd2e4478a5b9796c76a0efdc9dd38424be3a49be102fd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021326Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:13:27.270] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:27.270] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:27.270] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:27.270] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:27.271] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:27.271] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:27.470] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62106.1727518658.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332807272, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62106, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999991431974602, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:27.470] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:27.470] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:27.470] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:27.470] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:30.374] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24614 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021329Z&X-Amz-SignedHeaders=host&X-Amz-Signature=584c73b42f5755678e340610523552d425c0a5dc55710226389cf9db0e1e8490&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:13:30.374] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:30.374] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:30.374] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:30.374] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:30.374] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:30.375] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:30.572] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43401_192-168-37-136_8443.1727255881.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332810375, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43401, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999619129712799, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:30.573] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:30.573] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:30.573] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:30.573] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:33.478] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25739 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021332Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=5bd6a064ccc6971547cedf019cae2dae232c707d762b330104afd312fcf15dbd"} [2025-12-10 10:13:33.478] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:33.478] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:33.478] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:33.478] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:33.478] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:33.479] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:33.680] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62972.1727519631.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332813479, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62972, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999995521065269, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:33.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:33.680] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:33.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:33.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:36.582] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25740 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=5b322c6db6c952099e7a93a41ae6c6bd23e6786f2b7fb1230ab472634c3f88ba&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021336Z"} [2025-12-10 10:13:36.582] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:36.583] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:36.583] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:36.583] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:36.583] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:36.584] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:36.819] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62969.1727519628.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332816584, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62969, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999993572865448, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:36.819] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:36.819] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:36.819] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:36.819] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:39.686] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25377 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021339Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e85eab78a7dda44c703b4b22441f8c0d8a0b4c1029e31e3aa9e4dceb5099e8d3"} [2025-12-10 10:13:39.686] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:39.686] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:39.687] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:39.687] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:39.687] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:39.688] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:39.885] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62102.1727518653.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332819688, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62102, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999990589860412, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:39.885] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:39.885] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:39.885] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:39.885] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:42.791] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24615 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021342Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=70461f8826d9b35db6e87cf87472a8bbf8aff445a9cc06daad19727ec2a24dd5"} [2025-12-10 10:13:42.791] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:42.791] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:42.791] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:42.791] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:42.791] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:42.792] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:42.988] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43318.1726308782.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332822792, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43318, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9998460020677333, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:13:42.988] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:42.988] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:42.988] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:42.988] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:45.894] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25741 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7a910a63e5518b1ec63a68e14ea85652429c650fc1eefc3e3eb13e8885911d58&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021345Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:13:45.894] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:45.895] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:45.895] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:45.895] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:45.895] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:45.895] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:46.093] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50926.1727436513.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332825896, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50926, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999998095689725, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:46.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:46.093] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:46.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:46.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:48.995] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25742 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021348Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0938dc84a28bf82df8ce159f58f37a1001ed299e8c7eb1e37f42090ede9f6710"} [2025-12-10 10:13:48.996] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:48.996] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:48.996] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:48.996] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:48.996] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:48.997] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:49.192] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61701.1727518203.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332828997, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61701, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:49.192] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:49.192] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:49.192] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:49.192] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:52.100] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25378 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=49e33681e2f07e876f42d147b8b3138b31fbba880f34533aad0263b9d858135a&X-Amz-Date=20251210T021351Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:13:52.100] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:52.100] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:52.100] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:52.100] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:52.100] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:52.101] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:52.300] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-tls1.3.pcap.TCP_10-0-4-15_443_218-26-55-102_43322.1726308954.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332832101, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43322, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9985696145136909, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:13:52.300] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:52.300] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:52.300] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:52.300] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:13:55.201] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25379 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=20afc1f53d5a9b6eeb95655ab2951ffb8057a21dd6322023398b6d5c369b7405&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021354Z&X-Amz-Expires=604800"} [2025-12-10 10:13:55.201] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:55.201] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:55.201] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:55.201] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:55.201] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:55.202] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:55.401] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63363.1727520066.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332835202, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63363, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:55.401] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:55.401] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:55.401] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:55.401] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:13:58.302] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24616 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=cbf63c308d0508248dd3d449f194d2de3ee1360da0fd44716042ace5ca2c0845&X-Amz-Date=20251210T021357Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:13:58.302] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:13:58.302] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:13:58.302] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:13:58.302] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:13:58.302] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:13:58.303] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:13:58.498] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50577.1727436132.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332838303, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50577, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:13:58.498] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:13:58.498] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:13:58.498] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:13:58.498] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:01.406] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25380 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl?X-Amz-Date=20251210T021400Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=93057cb72efb1788bb4f5f21508fe7873c2928725a8f8dc849b9180bb38dc8f3"} [2025-12-10 10:14:01.406] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:01.406] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:01.406] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:01.406] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:01.406] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:01.407] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:01.609] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62983.1727519640.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332841407, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62983, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999991931545127, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:01.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:01.609] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:01.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:01.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:04.507] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25743 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl?X-Amz-Signature=9d9f4a04b8df708b12b3acd425f02c66851586eff638f00af7002945a062a1ec&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021404Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:14:04.507] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:04.507] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:04.507] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:04.507] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:04.507] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:04.508] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:04.707] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62820.1727519469.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332844508, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62820, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:04.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:04.708] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:04.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:04.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:07.608] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25381 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021407Z&X-Amz-Signature=4a879905fd18fd8898ece771487b418d1195cb34ed1a52c3411bc0a093f931b5&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:14:07.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:07.609] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:07.609] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:07.609] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:07.609] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:07.609] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:07.804] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43087_192-168-37-136_8080.1727255555.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332847609, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43087, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:07.804] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:07.804] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:07.804] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:07.804] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:10.713] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25744 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=7f818b69601c1cd58d7844a80091d5c12f3dada1924e9edbcf02ab953891de70&X-Amz-Expires=604800&X-Amz-Date=20251210T021410Z"} [2025-12-10 10:14:10.713] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:10.713] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:10.714] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:10.714] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:10.714] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:10.714] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:10.945] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62117.1727518668.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332850714, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62117, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999999272528492, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:10.945] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:10.945] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:10.945] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:10.945] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:13.818] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24617 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e6c0819453f55a200024314ae48c194c18732517c0892ed154e7212b02ad5e66&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021413Z&X-Amz-Expires=604800"} [2025-12-10 10:14:13.818] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:13.818] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:13.818] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:13.818] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:13.818] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:13.819] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:14.020] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50943.1727436530.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332853819, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50943, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999993068317785, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:14.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:14.020] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:14.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:14.020] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:16.924] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25745 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl?X-Amz-Signature=6934a039e17f5c6dad6ac9ba98fd9f9edec8f6fe5902dfe309ff8341fe79648e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021416Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:14:16.924] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:16.925] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:16.925] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:16.925] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:16.925] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:16.925] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:17.122] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11104.1726283958.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332856925, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11104, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999932089351036, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:14:17.122] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:17.122] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:17.122] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:17.122] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:20.028] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25746 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=62e46437518eb0b22b26ee948ee8c00fe5a357154dcd6f020f5c3ac8d4a780bd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021419Z"} [2025-12-10 10:14:20.028] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:20.028] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:20.028] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:20.029] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:20.029] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:20.029] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:20.226] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_https-1.pcap.TCP_192-168-163-21_41527_192-168-163-23_443.1726205287.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332860029, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41527, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.999988532992616, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:14:20.226] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:20.226] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:20.226] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:20.226] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:23.132] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24618 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl?X-Amz-Date=20251210T021422Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=8f4bcbef0d50db8e45480e0d292a6c79748b30d082f221942588caef99fdefd6&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:14:23.132] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:23.132] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:23.132] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:23.132] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:23.132] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:23.133] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:23.331] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63525.1727520238.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332863133, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63525, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999982205400834, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:23.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:23.331] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:23.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:23.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:26.235] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24619 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021425Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=b2c8ea18102c715326f574c46852599b2213f6e3ed2832227b79527cc5ea8389"} [2025-12-10 10:14:26.235] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:26.235] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:26.235] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:26.235] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:26.235] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:26.236] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:26.433] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62968.1727519627.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332866236, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62968, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999994164457416, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:26.433] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:26.433] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:26.433] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:26.433] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:29.339] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25382 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl?X-Amz-Date=20251210T021428Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=203efb586db4e4f1119e8f3622166dba1f3c5f71dfbac1610465a47e79b2869a&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:14:29.339] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:29.339] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:29.339] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:29.339] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:29.339] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:29.340] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:29.610] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_50920.1727436507.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332869340, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50920, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999998116072133, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:29.610] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:29.610] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:29.610] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:29.610] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:32.442] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24620 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl?X-Amz-Date=20251210T021431Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=5dcd9e38b43527d1f7f568eb71d00d7ae8215fb7f248834c3e277fc384578cb2"} [2025-12-10 10:14:32.442] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:32.442] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:32.443] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:32.443] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:32.443] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:32.443] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:32.643] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_62099.1727518652.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332872443, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62099, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999990782895907, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:32.643] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:32.643] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:32.643] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:32.643] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:35.545] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24621 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021435Z&X-Amz-Signature=21e3a2b8724c52e4b6941ca22dfdd76235155ade69a0c38a0289e2e4c15a0573"} [2025-12-10 10:14:35.545] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:35.545] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:35.545] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:35.545] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:35.545] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:35.545] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:35.751] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_https-1.pcap.TCP_192-168-163-21_41851_192-168-163-23_443.1726206852.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332875545, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41851, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9999556955778931, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:14:35.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:35.751] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:35.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:35.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:38.649] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25747 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=25fecb3449e97a46fb478237b066ee5853c514e6020900023f9fad63f49dc18f&X-Amz-Date=20251210T021438Z&X-Amz-Expires=604800"} [2025-12-10 10:14:38.649] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:38.649] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:38.649] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:38.649] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:38.649] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:38.649] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:38.848] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40759_192-168-37-136_8443.1727405709.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332878649, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40759, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999764077095253, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:38.848] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:38.848] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:38.848] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:38.848] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:41.752] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25748 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl?X-Amz-Signature=927f0e1318a4c4d5eaa7b3b21f6e57e8605feb15b43c1437cd7277cbc8a838ca&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021441Z&X-Amz-Expires=604800"} [2025-12-10 10:14:41.753] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:41.753] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:41.753] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:41.753] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:41.753] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:41.754] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:41.956] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11105.1726283996.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332881754, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11105, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.9999984875048314, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:14:41.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:41.956] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:41.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:41.956] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:44.855] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25383 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021444Z&X-Amz-Expires=604800&X-Amz-Signature=c5d88d89d024e510ec1aa85634e0b303c10c82201934e08e56d2fffa28a5d9cb&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:14:44.855] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:44.855] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:44.856] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:44.856] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:44.856] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:44.856] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:45.085] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40638_192-168-37-136_8443.1727405654.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332884856, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40638, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999861625471376, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:45.085] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:45.085] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:45.085] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:45.085] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:47.957] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24622 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=1de7fae1f57ff9f253ace6d2cc7185a138b35acb557d6de7d39d585fe2f587c6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021447Z&X-Amz-Expires=604800"} [2025-12-10 10:14:47.957] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:47.957] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:47.957] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:47.957] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:47.957] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:47.957] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:48.160] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43069_192-168-37-136_8080.1727255551.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332887957, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43069, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:48.160] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:48.160] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:48.160] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:48.160] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:51.059] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25384 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl?X-Amz-Date=20251210T021450Z&X-Amz-Expires=604800&X-Amz-Signature=a77595727ed3a318295aa05c64b236c2e2fca6a19404d77020642a20d701e182&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:14:51.059] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:51.059] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:51.059] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:51.059] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:51.059] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:51.059] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:51.254] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43064_192-168-37-136_8080.1727255542.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332891059, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43064, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:51.255] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:51.255] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:51.255] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:51.255] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:14:54.159] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25385 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=9b00f5e442d076983bc67f0af89fe797b76f2e9fd87cf2f3c436bb67f348275e&X-Amz-Date=20251210T021453Z"} [2025-12-10 10:14:54.159] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:54.159] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:54.159] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:54.159] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:54.159] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:54.159] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:54.354] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43068_192-168-37-136_8080.1727255548.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332894160, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43068, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:54.354] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:54.354] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:54.354] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:54.354] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:14:57.262] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25386 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl?X-Amz-Signature=4480b4500d010fc6044854f5b39a14d4a9b79bbcfb72b84a54f02dce53acbec8&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021456Z&X-Amz-Expires=604800"} [2025-12-10 10:14:57.262] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:14:57.262] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:14:57.262] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:14:57.262] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:14:57.262] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:14:57.263] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:14:57.458] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43067_192-168-37-136_8080.1727255545.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332897263, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43067, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:14:57.458] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:14:57.458] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:14:57.458] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:14:57.458] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:00.363] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24623 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl?X-Amz-Signature=92cac65c2aeabf5086a1b0eb231a2fd1e77fa980e92bd7c23a69b3be90eb12c6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021459Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:00.363] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:00.363] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:00.363] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:00.363] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:00.363] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:00.364] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:00.558] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_43062_192-168-37-136_8080.1727255540.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332900364, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43062, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:00.558] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:00.558] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:00.558] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:00.558] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:03.465] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25749 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl?X-Amz-Date=20251210T021502Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=f4a774f07cd4947c879e8bb84ab4f5700cd0100f145e55b6ce7b9f6957b0d2f8&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:15:03.465] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:03.465] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:03.465] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:03.465] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:03.465] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:03.465] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:03.658] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62923_172-28-211-96_8443.1726646667.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332903465, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62923, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999986556426316, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:15:03.658] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:03.658] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:03.658] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:03.658] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:06.566] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24624 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl?X-Amz-Date=20251210T021506Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=a2b4672eb60354e4e1ac8d04beaea866029d7e8f938515503c4fc6dc343f4661&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:06.566] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:06.566] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:06.566] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:06.566] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:06.566] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:06.567] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:06.769] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62948_172-28-211-96_8443.1726646799.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332906567, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62948, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999846195871893, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:15:06.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:06.769] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:06.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:06.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:09.669] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25387 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021509Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=dfb3c69a889fd8fc6b88d61722919d1751e9ed3e3824bb126a4559804f233ecf&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:15:09.670] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:09.670] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:09.670] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:09.670] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:09.670] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:09.671] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:09.867] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43393_192-168-37-136_8443.1727255879.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332909671, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43393, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999850712661191, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:09.867] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:09.867] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:09.867] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:09.867] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:12.773] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24625 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl?X-Amz-Signature=85dd5ea644da48e08032fef66fcac2f5e646c11b85030b6b7d7dae12425e56bf&X-Amz-Date=20251210T021512Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:15:12.773] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:12.773] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:12.774] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:12.774] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:12.774] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:12.774] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:12.971] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_4433_111-53-218-171_11103.1726283937.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332912774, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "111.53.218.171", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 11103, "dest_port": 4433, "y_pred": 2, "y_pred_proba_max": 0.999990324565601, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:15:12.971] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:12.971] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:12.971] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:12.971] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:15.877] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24626 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl?X-Amz-Date=20251210T021515Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=105940187892a03654f9c7d317b7d9347606716781090092671bf6bf04cc93cd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:15.877] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:15.877] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:15.877] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:15.877] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:15.877] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:15.878] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:16.108] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID76_godzilla_4.01_aspx_windowsserver2008r2.pcap.TCP_192-168-17-1_36032_192-168-17-132_443.1726129392.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332915878, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.17.1", "dest_ip": "192.168.17.132", "protocol": 6, "src_port": 36032, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9994291672420103, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:15:16.109] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:16.109] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:16.109] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:16.109] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:18.980] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24627 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=378951ec611d53bb7b81532011071da3fb8516b778ba247f44ea41383d534fcd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021518Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:18.980] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:18.980] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:18.980] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:18.980] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:18.981] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:18.981] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:19.184] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40754_192-168-37-136_8443.1727405702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332918981, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40754, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999508405127174, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:15:19.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:19.184] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:19.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:19.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:22.083] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24628 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021521Z&X-Amz-SignedHeaders=host&X-Amz-Signature=10466b7b1b5cbe426ef9cc40609b3b4502891afd9181e334c5286a09f796e3cc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:15:22.083] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:22.083] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:22.083] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:22.083] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:22.083] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:22.084] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:22.282] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43400_192-168-37-136_8443.1727255881.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332922084, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43400, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.999986714697859, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:22.282] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:22.282] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:22.282] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:22.282] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:25.186] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25388 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021524Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=04ba0351f48d01b4544880680c84bfd6391b1554bfc341adfb73ab33a1f0061d"} [2025-12-10 10:15:25.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:25.186] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:25.187] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:25.187] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:25.187] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:25.187] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:25.385] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_https.pcap.TCP_192-168-37-1_43402_192-168-37-136_8443.1727255889.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332925187, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 43402, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999884025457922, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:25.385] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:25.385] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:25.385] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:25.385] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:28.289] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25389 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=27f281c4cdef7251c766c50ed20896d97c184f511b2595230e8ac036cb600b13&X-Amz-Date=20251210T021527Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:28.289] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:28.289] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:28.289] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:28.289] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:28.289] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:28.290] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:28.488] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40732_192-168-37-136_8443.1727405688.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332928290, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40732, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999956356287028, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:28.488] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:28.488] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:28.488] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:28.488] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:31.393] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25390 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021530Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=ed6e422396fe0b39cc51d91c905910215a308bebc57418a758c8150d201049ab"} [2025-12-10 10:15:31.393] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:31.393] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:31.393] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:31.393] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:31.393] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:31.394] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:31.592] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40747_192-168-37-136_8443.1727405701.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332931394, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40747, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999818846354278, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:15:31.592] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:31.592] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:31.592] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:31.592] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:34.495] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25391 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021533Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=8f336323b3973de329d3110df1b106f31d38f8aa6af95fa9c6378951b43c2adb&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:15:34.495] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:34.495] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:34.495] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:34.495] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:34.495] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:34.496] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:34.693] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_https.pcap.TCP_172-28-208-1_62962_172-28-211-96_8443.1726646945.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332934496, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62962, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.972594550524513, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:15:34.693] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:34.693] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:34.693] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:34.693] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:37.598] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24629 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl?X-Amz-Signature=480d2f49e3aae8b9148f6533f105a21e9a6dad15447e1181fdf22435ea113d9e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021537Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:37.598] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:37.598] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:37.599] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:37.599] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:37.599] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:37.599] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:37.804] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40756_192-168-37-136_8443.1727405704.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332937599, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40756, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.999993115660779, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:15:37.804] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:37.804] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:37.804] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:37.804] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:40.703] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25750 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b204672819bafe70947e941d9017bebb4c383c544ee436523d8adcb2d892d568&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021540Z"} [2025-12-10 10:15:40.703] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:40.703] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:40.703] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:40.703] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:40.703] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:40.703] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:40.902] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40633_192-168-37-136_8443.1727405643.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332940703, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40633, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999895142193123, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:40.902] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:40.903] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:40.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:40.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:43.807] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24630 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=4be1215e42cd11b6d8ca0eed837bf8bd0c19b7677f119f16818457e81b9e125c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021543Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:43.807] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:43.807] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:43.807] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:43.807] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:43.807] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:43.808] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:44.005] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.pcap.TCP_192-168-32-41_9443_192-168-32-46_50447.1727159684.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332943808, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50447, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9948477535374655, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:15:44.005] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:44.005] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:44.005] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:44.005] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:46.909] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24631 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl?X-Amz-Signature=1aceb1274580a79e90ed54f27ba4fba9feec3cbfd8c3f0d593f0b71653bc70e7&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021546Z&X-Amz-Expires=604800"} [2025-12-10 10:15:46.910] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:46.910] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:46.910] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:46.910] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:46.910] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:46.910] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:47.107] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40634_192-168-37-136_8443.1727405644.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332946910, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40634, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999888677809735, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:47.107] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:47.107] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:47.107] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:47.107] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:50.013] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24632 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl?X-Amz-Date=20251210T021549Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=dc6a0be63a50ad7ded97ef4faa13104813d68bbee87f6b88205c326c933f93a4&X-Amz-Expires=604800"} [2025-12-10 10:15:50.013] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:50.013] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:50.014] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:50.014] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:50.014] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:50.014] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:50.250] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40632_192-168-37-136_8443.1727405641.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332950014, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40632, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999869549610207, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:15:50.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:50.250] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:50.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:50.251] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:53.116] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24633 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021552Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=24f6590ba91c8b26007f4461439c81798b3994fe05dbf32d30ca76bc8bf0cad9"} [2025-12-10 10:15:53.116] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:53.116] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:53.116] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:53.116] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:53.116] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:53.117] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:53.317] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40636_192-168-37-136_8443.1727405649.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332953117, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40636, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999585619910507, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:53.317] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:53.317] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:53.317] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:53.317] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:15:56.218] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25751 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021555Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6412bc0b87be6461262d96f557b761978edf605c295ff9adff19bf8e26ad4b3d"} [2025-12-10 10:15:56.218] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:56.218] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:56.218] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:56.218] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:56.218] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:56.219] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:56.414] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62615_172-28-211-96_8080.1726644178.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332956219, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62615, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:56.414] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:56.414] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:56.414] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:56.414] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:15:59.319] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24634 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021558Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=eaf120080f998dc2f42f16ab4469f4dc3b061451b6dace83f2411a048d904b36&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:15:59.320] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:15:59.320] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:15:59.320] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:15:59.320] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:15:59.320] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:15:59.320] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:15:59.514] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62612_172-28-211-96_8080.1726644151.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332959320, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62612, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:15:59.514] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:15:59.514] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:15:59.514] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:15:59.514] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:02.421] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24635 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=db38fc9231e251eb94d9998ee0fa03c9d3229368e662547f5b1bffaf8c04d7bc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021601Z"} [2025-12-10 10:16:02.421] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:02.421] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:02.421] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:02.421] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:02.421] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:02.422] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:02.616] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62633_172-28-211-96_8080.1726644320.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332962422, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62633, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:02.616] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:02.616] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:02.616] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:02.616] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:05.524] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25392 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021605Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=b9de8c2d98378d22227b5fe5079a8bf0bd5e779c709722bfa538a26de4a99f6a"} [2025-12-10 10:16:05.525] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:05.525] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:05.525] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:05.525] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:05.525] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:05.525] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:05.727] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55620_192-168-112-135_443.1727254933.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332965525, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55620, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9998739421451495, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:05.727] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:05.727] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:05.727] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:05.727] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:08.632] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25393 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=bdd771ab60a1307d18283d1490f99ebe104d55eafe1ff9252a3dcb5d18850ac6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021608Z&X-Amz-Expires=604800"} [2025-12-10 10:16:08.632] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:08.632] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:08.632] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:08.632] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:08.632] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:08.633] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:08.835] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63532.1727520246.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332968633, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63532, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999883040487229, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:08.835] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:08.835] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:08.835] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:08.835] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:11.736] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25752 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f0d9ba327f5c25160a9e73c8fe0b53df1a328a9f5699566dcec782fe7bbab9b5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021611Z"} [2025-12-10 10:16:11.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:11.736] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:11.736] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:11.736] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:11.736] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:11.737] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:11.934] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63530.1727520244.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332971737, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63530, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999972860478558, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:11.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:11.934] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:11.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:11.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:14.838] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25753 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=39f1b25a9fb16c55315d84a3a3caa1e35ca405a924e0cecbfdf1ba4da867819d&X-Amz-Date=20251210T021614Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:16:14.838] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:14.838] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:14.838] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:14.838] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:14.838] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:14.839] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:15.031] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID56_behinderv4.0.7_jsp_win10_http.pcap.TCP_172-28-208-1_62638_172-28-211-96_8080.1726644371.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332974839, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62638, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:15.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:15.031] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:15.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:15.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:17.942] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25754 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=3dbaf95806b4a493ad6e1a6677ffe47034e433296bdd7b7f4546a01562baec89&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021617Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:16:17.942] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:17.942] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:17.942] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:17.942] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:17.942] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:17.942] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:18.140] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_https.pcap.TCP_192-168-37-1_40630_192-168-37-136_8443.1727405639.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332977943, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 40630, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9999890158327207, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:18.140] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:18.140] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:18.140] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:18.140] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:21.044] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24636 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=05e74332a7c20f3bba09eb57cc0391084959288a6dcce08eb67dfb3651f47a1a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021620Z&X-Amz-Expires=604800"} [2025-12-10 10:16:21.044] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:21.044] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:21.044] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:21.044] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:21.044] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:21.045] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:21.248] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62747_172-28-211-96_8443.1726645204.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332981045, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62747, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9997218385332213, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:21.248] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:21.248] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:21.248] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:21.248] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:24.146] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25394 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl?X-Amz-Signature=e3ed3b26d1270ff72b15d38929cedd06f64dd48fc4ecb8e8ca9a7e8c30547e6b&X-Amz-Date=20251210T021623Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:16:24.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:24.146] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:24.146] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:24.146] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:24.146] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:24.147] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:24.344] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62761_172-28-211-96_8443.1726645354.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332984147, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62761, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999815986379271, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:24.344] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:24.344] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:24.344] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:24.344] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:27.247] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25395 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021626Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=90b4389708d70c48f43ba2e3b5dd972ced532018c4b1de6881a2cb787dd0a96b"} [2025-12-10 10:16:27.248] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:27.248] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:27.248] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:27.248] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:27.248] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:27.248] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:27.446] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62763_172-28-211-96_8443.1726645377.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332987248, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62763, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999430013258271, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:27.446] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:27.446] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:27.446] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:27.446] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:30.351] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25755 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=c50f5cfcf3da2ef965acdc0d0f284d8a171ef2938b1154251f9512bdc5c2507f&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021629Z"} [2025-12-10 10:16:30.351] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:30.351] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:30.352] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:30.352] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:30.352] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:30.352] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:30.584] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62769_172-28-211-96_8443.1726645414.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332990352, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62769, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999401061706084, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:30.584] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:30.584] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:30.584] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:30.584] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:33.453] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25756 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021632Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=7bd76ef93ed1f00f1ee5b666625d3ccfe0f0d2392390e4c56a2df4c8929ad3d3"} [2025-12-10 10:16:33.453] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:33.453] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:33.453] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:33.453] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:33.453] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:33.454] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:33.651] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62759_172-28-211-96_8443.1726645333.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332993454, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62759, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.99980192794154, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:33.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:33.651] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:33.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:33.651] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:36.555] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25757 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl?X-Amz-Date=20251210T021636Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=dc43ad5bd001f25b3322ef64d5b9d384525375fc4d89f2710a0fd88ae5e56132&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:16:36.555] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:36.555] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:36.555] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:36.555] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:36.555] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:36.556] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:36.756] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_https.pcap.TCP_172-28-208-1_62768_172-28-211-96_8443.1726645401.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332996556, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62768, "dest_port": 8443, "y_pred": 2, "y_pred_proba_max": 0.9999728326558567, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:36.756] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:36.756] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:36.756] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:36.756] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:39.658] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24637 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=f20a9cb838764efeda6fc5f7947e2d17204b3690ef56fccb19e88a5041e850c6&X-Amz-Date=20251210T021639Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:16:39.658] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:39.658] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:39.658] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:39.658] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:39.658] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:39.659] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:39.853] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11809_192-168-52-129_443.1726018281.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765332999659, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11809, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999992513735558, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:39.853] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:39.853] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:39.853] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:39.853] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:42.762] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24638 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl?X-Amz-Date=20251210T021642Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7dc3a1cd073483c578cd10a0572b3ad2d89bf4cf7f654b67be0d162a50d2ba0d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:16:42.762] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:42.762] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:42.762] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:42.762] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:42.762] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:42.763] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:42.960] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12308_192-168-52-129_443.1726018582.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333002763, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12308, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999941347237843, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:42.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:42.960] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:42.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:42.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:45.863] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25396 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021645Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6e3bbc4b48c580a9b941cec9379da64a2c6dc7c0207b08b80dc3eb1c489c0908&X-Amz-SignedHeaders=host"} [2025-12-10 10:16:45.863] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:45.863] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:45.863] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:45.863] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:45.863] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:45.864] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:46.060] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID62_godzillav2.96_php_linux_http-1.pcap.TCP_192-168-163-21_41731_192-168-163-23_80.1726206221.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333005864, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41731, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:46.060] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:46.060] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:46.060] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:46.060] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:48.965] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25397 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021648Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b3a3dd5d16d08cd9de85aa0f085758ec421fa450fe0e8139f5b1fcd9dd36bd13"} [2025-12-10 10:16:48.965] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:48.965] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:48.965] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:48.965] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:48.965] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:48.965] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:49.161] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID61_godzillav1.10_php_linux_http-1.pcap.TCP_192-168-163-21_41374_192-168-163-23_80.1726204412.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333008965, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.21", "dest_ip": "192.168.163.23", "protocol": 6, "src_port": 41374, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:49.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:49.161] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:49.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:49.161] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:52.067] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25758 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=9dd0c67c8590b2e4c944f0e9462082912e0647d1a7e22a8aece5d89a18346b31&X-Amz-Date=20251210T021651Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:16:52.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:52.067] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:52.068] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:52.068] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:52.068] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:52.068] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:52.267] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42745_192-168-52-129_443.1726042680.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333012068, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42745, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999926109927832, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:52.267] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:52.267] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:52.267] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:52.267] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:16:55.171] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25398 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl?X-Amz-Signature=7ea3c30079f6fac0b8edab6fc227f51e6d401012e9111bf78fe5efdc077cb805&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021654Z"} [2025-12-10 10:16:55.171] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:55.171] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:55.172] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:55.172] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:55.172] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:55.172] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:55.369] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42875_192-168-52-129_443.1726042781.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333015172, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42875, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999940526470186, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:16:55.369] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:55.369] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:55.369] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:55.369] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:16:58.274] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25399 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021657Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cbbbbf06b0573f41fba338c4514d25edd35cf262d413caf9cf27a275981671f5"} [2025-12-10 10:16:58.274] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:16:58.274] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:16:58.274] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:16:58.274] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:16:58.274] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:16:58.275] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:16:58.476] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55632_192-168-112-135_443.1727254937.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333018275, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55632, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997803820183112, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:16:58.476] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:16:58.476] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:16:58.476] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:16:58.476] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:01.378] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24639 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=dac629b4f905dfd913f88a268fd6bb49c5021b6b6c7964fa241ecbb666aa51b4&X-Amz-Expires=604800&X-Amz-Date=20251210T021700Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:17:01.378] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:01.378] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:01.378] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:01.378] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:01.378] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:01.378] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:01.606] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55606_192-168-112-135_443.1727254929.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333021378, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55606, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997664093829481, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:01.606] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:01.606] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:01.606] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:01.606] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:04.480] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24640 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl?X-Amz-Signature=a39267d60c8635420e6e931488bdbe92011c29a268806a046462367c2b6245dd&X-Amz-Date=20251210T021703Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:17:04.480] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:04.480] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:04.481] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:04.481] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:04.481] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:04.481] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:04.680] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55638_192-168-112-135_443.1727254941.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333024481, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55638, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9998024162068299, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:04.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:04.680] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:04.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:04.680] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:07.584] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25400 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021707Z&X-Amz-Signature=049a3781f3e9b623d5649f7f22186994a6b3f08dcd6eaaaa0d42ba9d456d880e"} [2025-12-10 10:17:07.584] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:07.584] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:07.584] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:07.584] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:07.584] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:07.584] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:07.791] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41055_192-168-52-129_443.1726041749.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333027584, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41055, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999954480615826, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:17:07.791] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:07.791] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:07.791] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:07.791] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:10.687] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25401 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=e472b7561bc0751ea68cf5f4a022c5af99e4d7ebb0f3393f3d9a895b9338ed3a&X-Amz-Date=20251210T021710Z"} [2025-12-10 10:17:10.687] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:10.687] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:10.687] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:10.687] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:10.687] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:10.687] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:10.885] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55626_192-168-112-135_443.1727254935.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333030687, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55626, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9998559497774789, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:10.886] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:10.886] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:10.886] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:10.886] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:13.793] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25402 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e69d62a1165d09f65dcd11b9f18a6d96e5edbad4ace0bfd9539571b8ce4e5a01&X-Amz-Date=20251210T021713Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:17:13.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:13.793] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:13.793] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:13.793] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:13.793] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:13.793] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:13.990] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https.pcap.TCP_192-168-112-1_55641_192-168-112-135_443.1727254943.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333033793, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 55641, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9998248253629146, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:13.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:13.990] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:13.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:13.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:16.894] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25759 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=97f312f7468f13a9471ba6eab002407828d713e39d4c09b5e5f0da2710efcafc&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021716Z"} [2025-12-10 10:17:16.894] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:16.894] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:16.894] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:16.894] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:16.894] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:16.895] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:17.089] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_54132_192-168-37-136_8080.1727405500.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333036895, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 54132, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:17:17.089] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:17.089] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:17.089] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:17.089] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:19.995] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25760 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl?X-Amz-Signature=f8dceb69fcbb6bbd70b1070ed108d648c97875af791fabf3256676680458f264&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021719Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:17:19.996] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:19.996] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:19.996] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:19.996] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:19.996] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:19.996] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:20.193] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID89_antsword_2.1.10_jsp_http.pcap.TCP_192-168-37-1_36459_192-168-37-136_8080.1727405543.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333039996, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 36459, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:20.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:20.193] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:20.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:20.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:23.097] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25403 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl?X-Amz-Signature=7c2a33dcd460e8cded349a57744f39711d904dc91687a6bc0d526175c0b31a04&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021722Z"} [2025-12-10 10:17:23.097] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:23.097] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:23.097] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:23.097] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:23.097] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:23.098] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:23.308] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID99_antsword_2.1.12_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_50558.1727436116.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333043098, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 50558, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:23.308] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:23.308] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:23.308] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:23.308] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:26.200] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24641 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl?X-Amz-Date=20251210T021725Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=4a95baf26460445145612d70f97c2644346404007508b85dada14106841ee114"} [2025-12-10 10:17:26.200] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:26.200] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:26.201] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:26.201] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:26.201] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:26.201] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:26.407] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_https.pcap.TCP_192-168-42-130_443_192-168-42-130_63543.1727520254.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333046201, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63543, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999967668108191, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:26.407] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:26.407] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:26.407] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:26.407] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:29.302] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24642 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=e3c7a101e1dbbf35b561379102297aee4b8a9e396373b86ef146783b6ab91f15&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021728Z"} [2025-12-10 10:17:29.302] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:29.302] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:29.302] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:29.302] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:29.302] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:29.303] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:29.508] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61686.1727518189.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333049303, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61686, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:29.508] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:29.508] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:29.508] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:29.508] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:32.404] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25404 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl?X-Amz-Date=20251210T021731Z&X-Amz-Signature=0627d946d7bf6e0743b651c32bd144cd064ac3f245a5efafe0437630ad6edb3c&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:17:32.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:32.405] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:32.405] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:32.405] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:32.405] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:32.405] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:32.605] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53571_192-168-112-135_443.1726624889.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333052405, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53571, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999687210973073, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:32.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:32.605] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:32.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:32.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:35.506] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25761 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=118c6a915d10227fc1c6fb6d3e414750d8ffcb71bea921efc4380a55dd6de33f&X-Amz-Date=20251210T021734Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:17:35.507] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:35.507] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:35.507] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:35.507] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:35.507] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:35.507] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:35.736] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13386_192-168-52-129_80.1726193434.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333055507, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13386, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:35.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:35.736] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:35.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:35.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:38.608] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24643 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl?X-Amz-Signature=11ec78202c25d947bb40f18d0816948532368a432ba356d96b1980eee8e82eab&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021738Z"} [2025-12-10 10:17:38.608] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:38.608] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:38.608] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:38.608] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:38.608] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:38.609] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:38.809] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID100_antsword_2.1.13_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_61684.1727518187.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333058609, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 61684, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:38.809] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:38.809] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:38.809] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:38.809] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:41.709] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25762 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl?X-Amz-Date=20251210T021741Z&X-Amz-Signature=8e12b1e2dc1e03b0468843e650dd17f767fd606a3048532a935ffe282058f89b&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:17:41.709] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:41.709] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:41.709] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:41.709] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:41.709] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:41.710] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:41.908] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62399_172-28-211-96_8080.1726642576.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333061710, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62399, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:41.908] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:41.908] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:41.908] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:41.908] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:44.813] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24644 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl?X-Amz-Date=20251210T021744Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7737133a4ba4a7f9221753d38818159add4f7d89219a4539becc2fea48f98e91&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:17:44.813] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:44.813] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:44.813] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:44.813] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:44.813] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:44.814] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:45.021] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53626_192-168-112-135_443.1726625055.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333064814, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53626, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999831590673547, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:45.021] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:45.021] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:45.021] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:45.021] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:47.914] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25405 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl?X-Amz-Expires=604800&X-Amz-Signature=8f08d26d482ab714443be850cf990db1373f5b975c3e452604bc7e86b3e40601&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021747Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:17:47.914] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:47.914] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:47.914] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:47.914] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:47.914] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:47.914] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:48.118] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID53_behinderv2.0.1_jsp_linux_http.pcap.TCP_172-28-208-1_62477_172-28-211-96_8080.1726643244.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333067914, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.28.208.1", "dest_ip": "172.28.211.96", "protocol": 6, "src_port": 62477, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:48.118] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:48.118] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:48.118] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:48.118] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:51.017] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25763 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=461d8b7070de1ef5f18698a6d6659c68a9e9f02503a3afdf488803edc9f02935&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021750Z"} [2025-12-10 10:17:51.017] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:51.017] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:51.017] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:51.017] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:51.017] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:51.018] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:51.224] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53643_192-168-112-135_443.1726625086.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333071018, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53643, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999869975982164, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:51.224] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:51.224] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:51.224] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:51.224] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:17:54.119] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25764 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021753Z&X-Amz-Signature=05d70385f03aebde7b2c1c4fd7bc20a9db0b00cd8025eba0fa915acdd2be7e28"} [2025-12-10 10:17:54.120] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:54.120] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:54.120] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:54.120] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:54.120] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:54.120] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:54.333] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53576_192-168-112-135_443.1726624911.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333074120, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53576, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999715293139834, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:54.333] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:54.333] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:54.333] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:54.333] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:17:57.222] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24645 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021756Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=80f6eada7f2b8a9fb91a1479d54d452f75bb8d9b0c8182518d24aeedd3b53edd&X-Amz-SignedHeaders=host"} [2025-12-10 10:17:57.222] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:17:57.223] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:17:57.223] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:17:57.223] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:17:57.223] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:17:57.223] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:17:57.430] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62806.1727519458.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333077223, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62806, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:17:57.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:17:57.430] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:17:57.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:17:57.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:18:00.325] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24646 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021759Z&X-Amz-Signature=6ab1d9899b5331a63f48a217812433c02cd501abd73564aef51f45063678c4db&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:18:00.325] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:00.325] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:00.326] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:00.326] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:00.326] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:00.326] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:00.533] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53562_192-168-112-135_443.1726624883.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333080326, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53562, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999805233362195, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:00.533] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:00.533] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:00.533] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:00.533] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:03.426] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25765 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl?X-Amz-Date=20251210T021802Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=ccd0300a683db1a038bf3b79809066136e2fba794de83db8007cc85b882a5542"} [2025-12-10 10:18:03.426] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:03.427] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:03.427] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:03.427] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:03.427] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:03.427] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:03.628] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID102_antsword_2.1.15_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_63347.1727520052.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333083427, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 63347, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:03.628] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:03.628] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:03.628] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:03.628] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:18:06.529] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25766 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl?X-Amz-Date=20251210T021806Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=710fcb183e68f5bdf548ff14366faac1209428b9878d80cd6892e0521675c0f7&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:06.530] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:06.530] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:06.530] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:06.530] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:06.530] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:06.530] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:06.831] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53570_192-168-112-135_443.1726624884.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333086531, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53570, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999700857372145, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:06.831] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:06.831] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:06.831] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:06.831] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:09.633] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24647 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021809Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2ffda85e69834040d57c9799cffea20c2cf67124da682bffe760d30edff1aedc"} [2025-12-10 10:18:09.633] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:09.633] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:09.633] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:09.633] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:09.633] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:09.634] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:09.827] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53622_192-168-112-135_443.1726625040.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333089634, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53622, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999862705092489, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:09.827] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:09.827] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:09.827] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:09.827] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:18:12.735] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25406 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3e4dc427bb2e3ec0177097b41f04134acdd2a39d35b613e826da833f1f5d70fe&X-Amz-Date=20251210T021812Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:18:12.735] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:12.735] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:12.735] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:12.735] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:12.735] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:12.736] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:12.930] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID90_antsword_2.1.11.1_jsp_http.pcap.TCP_192-168-37-1_26048_192-168-37-136_8080.1727255460.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333092736, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.1", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 26048, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:12.930] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:12.930] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:12.930] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:12.930] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:15.837] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25767 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl?X-Amz-Expires=604800&X-Amz-Signature=421e56baae417ff0b29d56f35254a8e97929b20dc5f2f9d1dbfe60c3569d9d4c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021815Z"} [2025-12-10 10:18:15.837] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:15.837] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:15.837] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:15.837] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:15.837] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:15.838] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:16.033] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https4.pcap.TCP_192-168-112-1_53577_192-168-112-135_443.1726624914.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333095838, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53577, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999983947391477, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:16.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:16.033] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:16.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:16.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:18:18.941] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25407 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021818Z&X-Amz-SignedHeaders=host&X-Amz-Signature=72243c69e491897d4396e3b75977ac3988946e7f13d1afaf9a9e133265300a1b"} [2025-12-10 10:18:18.941] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:18.941] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:18.941] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:18.941] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:18.941] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:18.942] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:19.145] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_http6.pcap.TCP_192-168-112-1_53639_192-168-112-135_443.1726625081.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333098942, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53639, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.999994170278134, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:19.145] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:19.145] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:19.145] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:19.145] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:22.045] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25408 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl?X-Amz-Expires=604800&X-Amz-Signature=62c86608616659665ef929f1a0cf31a5dce7c4eb430bd36763b4f970e7923587&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021821Z"} [2025-12-10 10:18:22.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:22.045] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:22.045] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:22.045] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:22.045] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:22.045] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:22.241] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID82_antsword_2.1.11.1_php_https5.pcap.TCP_192-168-112-1_53623_192-168-112-135_443.1726625042.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333102045, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.1", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 53623, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9999894116698116, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:22.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:22.241] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:22.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:22.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:18:25.146] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25409 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=6de62ebc935042d4736daeb8aee2a3816136844c1bc91039830dced6c5fae75f&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021824Z"} [2025-12-10 10:18:25.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:25.146] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:25.146] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:25.146] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:25.146] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:25.147] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:25.340] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID101_antsword_2.1.14_aspx_win10_http.pcap.TCP_192-168-42-130_80_192-168-42-130_62804.1727519456.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333105147, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.42.130", "dest_ip": "192.168.42.130", "protocol": 6, "src_port": 62804, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:25.340] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:25.340] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:25.340] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:25.340] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:28.286] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24648 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021827Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f07bc1dc6a38a214979ef79ec50924215ef339ff11b10bdfe09f0ca809660eaa"} [2025-12-10 10:18:28.286] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:28.286] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:28.287] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:28.287] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:28.287] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:28.287] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:28.548] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_IP.1727336159.jsonl|result:{"code": 1, 
"total_count": 66, "alert_count": 66, "abnormal_count": 66, "normal_count": 0, "timestamp": 1765333108288, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50484, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50452, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50476, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50438, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50464, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50492, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50450, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50473, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50491, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50432, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50454, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50441, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50460, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50466, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50433, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50443, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50477, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50458, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50485, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50453, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50479, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50465, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50468, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50471, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50457, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50448, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50459, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50487, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 50488, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50472, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50497, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50440, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50467, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50462, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50444, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50494, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50478, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50480, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50483, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50463, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50486, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50445, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50474, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50481, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50495, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50442, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50449, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50451, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50493, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50469, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50437, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50456, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50470, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50461, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50436, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50446, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50439, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 50447, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50490, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50496, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50435, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50489, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50434, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50455, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50475, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50482, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 66, "2_sum": 66, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:28.548] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 66|max_alert: 1000 [2025-12-10 10:18:28.548] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:28.548] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:28.548] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:31.417] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24649 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021830Z&X-Amz-Signature=eb44fbc121d872a26142c0ee2218c3095392d3eab16f0894233fa7dee4d78c14&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:18:31.417] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:31.417] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:31.417] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:31.417] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:31.417] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:31.417] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:31.674] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_IP.1727153689.jsonl|result:{"code": 1, "total_count": 27, "alert_count": 27, "abnormal_count": 27, "normal_count": 0, "timestamp": 1765333111417, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49376, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9976278309672408, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49392, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.973397704251437, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49385, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9831685557766816, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49390, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6437887536108795, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49380, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5554621813343249, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
49391, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.905557907729525, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49384, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8238264827488067, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49393, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.992554157689113, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49394, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.74828943309364, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49395, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6122954802276773, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49398, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7640807026477342, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49399, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7901584399786458, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49400, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.942447030166031, 
"2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49401, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5006690306221482, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49397, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9979786569351574, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49381, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9787375062479386, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49388, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9413625605995193, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49383, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.985372814667335, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49377, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.934948872015937, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49382, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.955003478421508, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49375, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49378, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.45407316220415184, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49379, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7031090464673974, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49386, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9843800620701243, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49389, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5038564456500831, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49396, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9773441175127737, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49387, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9793288447536691, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:18:31.674] 
[INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 27|max_alert: 1000 [2025-12-10 10:18:31.674] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:31.674] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:31.674] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:34.524] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25410 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=4f5801c49246d21b337948a7fbca5b6c89427d9b84f249c173ba40cfbb45e8ad&X-Amz-Date=20251210T021834Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:18:34.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:34.524] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:34.524] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:34.524] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:34.524] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:34.524] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:34.767] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain2.1727337377.jsonl|result:{"code": 1, "total_count": 63, "alert_count": 63, "abnormal_count": 63, "normal_count": 0, 
"timestamp": 1765333114524, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52017, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51961, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51962, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51983, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51971, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51958, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51969, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51978, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51997, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52013, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51994, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52016, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52019, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51980, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51970, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51988, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52000, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51991, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52007, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52010, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52011, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52001, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51966, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51959, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52018, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52008, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51990, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52006, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51986, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51975, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51998, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52015, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51993, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51965, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51999, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51972, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51974, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51984, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52004, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52002, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51957, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52009, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52014, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51996, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51979, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51968, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51973, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51977, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52003, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52005, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51987, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52012, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51963, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51985, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51989, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51967, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51995, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51976, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51982, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51981, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51964, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51992, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51960, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:18:34.767] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 63|max_alert: 1000
[2025-12-10 10:18:34.767] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:18:34.767] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362)
根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:18:34.767] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:18:37.682] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25411 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl?X-Amz-Date=20251210T021837Z&X-Amz-SignedHeaders=host&X-Amz-Signature=743c6736b5a9f697739aa39a3bbcae6630db6be323241478bdb65af3aa7b4dd8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"}
[2025-12-10 10:18:37.682] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:18:37.682] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:18:37.682] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:18:37.682] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:18:37.682] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:18:37.683] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:18:37.879] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.1726642702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333117683, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49294, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9602321783515729, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:18:37.879] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000
[2025-12-10 10:18:37.879] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:18:37.879] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:18:37.879] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:18:40.838] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25768 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=e578543a27d7444ab625aaecb50ddbe074406eb761b819d4e838c05943af65b4&X-Amz-Expires=604800&X-Amz-Date=20251210T021840Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-10 10:18:40.839] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:18:40.839] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:18:40.839] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:18:40.839] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:18:40.839] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:18:40.840] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:18:41.073] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49294.1726642702.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333120840, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49294, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9602321783515729, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:18:41.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000
[2025-12-10 10:18:41.073] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:18:41.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:18:41.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:18:43.943] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25412 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T021843Z&X-Amz-Signature=cd22e0a7e7273a4a99ec3f92b32a9b170b96b5a07d37c00ad2b63c822ed6891b&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-10 10:18:43.943] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:18:43.943] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:18:43.943] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:18:43.943] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:18:43.943] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:18:43.944] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:18:44.197] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain2.1727317242.jsonl|result:{"code": 1, "total_count": 59, "alert_count": 59, "abnormal_count": 59, "normal_count": 0, "timestamp": 1765333123944, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49829, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49847, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49840, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49827, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49855, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49833, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49843, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49838, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49809, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49831, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49807, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49835, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49805, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49821, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49828, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49856, "dest_port": 8990, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49825, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49806, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49811, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49832, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49851, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49858, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49812, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49810, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49830, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49846, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49815, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49817, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49824, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49823, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49844, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49826, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49849, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49850, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49820, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49818, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49804, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49808, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49814, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49834, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49801, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49836, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49852, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49848, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49859, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49854, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49837, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49803, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49842, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49839, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49819, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49845, 
"dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49816, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49853, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49857, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49802, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49813, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49841, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49822, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 59, "2_sum": 59, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:44.197] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 59|max_alert: 1000 [2025-12-10 10:18:44.197] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:44.197] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:44.197] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:47.098] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24650 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021846Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=bfd7e45623dc92ff1d9afef56e7a510a6253cb25b9dcc2f331a99ea7736d373f&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:18:47.098] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:47.098] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:47.098] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:47.098] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:47.098] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:47.099] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:47.296] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.1726645602.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333127099, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49303, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9444643557189981, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:18:47.296] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:47.296] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:47.296] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:47.296] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:18:50.254] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24651 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T021849Z&X-Amz-Expires=604800&X-Amz-Signature=652ba9830ee89e15304e3cf371b0c6090127ba11d84d5df2f2fb796e1ba99fec&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:18:50.255] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:50.255] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:50.255] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:50.255] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:50.255] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:50.255] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:50.465] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49303.1726645602.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333130255, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49303, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9444643557189981, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:18:50.465] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:18:50.465] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:50.465] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:50.465] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:18:53.386] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25413 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021852Z&X-Amz-Expires=604800&X-Amz-Signature=e0bae9fb0666e04829af98803ffdacb78d97c51c2661cb43ca9db32622bd8092&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:18:53.387] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:53.387] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:53.387] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:53.387] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:53.387] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:53.387] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:53.640] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_domain.1727156603.jsonl|result:{"code": 1, "total_count": 25, "alert_count": 25, "abnormal_count": 25, "normal_count": 0, "timestamp": 1765333133387, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50329, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.958704615001943, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50313, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.5966672964634695, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50326, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.9934596360471903, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50330, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8523087665141738, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50310, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9634689604691851, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50306, "dest_port": 8001, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50320, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8021655423506808, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50323, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8036459500168494, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50325, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.7302994948401119, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50331, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.99099921455513, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50322, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8498700399594922, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50324, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.7740500401884959, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50317, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8321815792412194, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50319, "dest_port": 5443, 
"y_pred": 3, "y_pred_proba_max": 0.9744218358372663, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50309, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.7774946569530512, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50327, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.99004898471318, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50308, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.98582402511476, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50315, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.5371866072771162, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50307, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9971275769982026, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50311, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.728740398624775, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50314, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8842332866984993, "2_count": 25, 
"2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50316, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.5932800343351953, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50318, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.7860856928218103, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50328, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9754945217276421, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50321, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8960384278930974, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:18:53.640] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 25|max_alert: 1000 [2025-12-10 10:18:53.640] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:53.640] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:53.640] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:18:56.493] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24652 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=819f316001f718fae91f036fcb64adf97b3c490960b7b213bf29aea00b6e3375&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021856Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:18:56.493] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:56.493] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:56.493] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:56.493] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:56.493] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:56.494] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:56.735] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain3.1727331322.jsonl|result:{"code": 1, "total_count": 54, "alert_count": 54, "abnormal_count": 54, "normal_count": 0, "timestamp": 1765333136494, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51540, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51545, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51536, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51522, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51528, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51504, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51520, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51521, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51517, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51527, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51538, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51541, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51505, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51510, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51511, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51516, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51496, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51531, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51530, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51543, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51549, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51534, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51553, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51514, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51501, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51537, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51525, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51533, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51524, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51535, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51544, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51509, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51503, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51526, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51529, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51550, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51513, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51518, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51519, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51542, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51523, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51539, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51508, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51506, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51515, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51532, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51546, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51512, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51547, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51548, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51551, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51552, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51554, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51497, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:56.735] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 54|max_alert: 1000 [2025-12-10 10:18:56.735] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:56.735] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:56.735] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:18:59.601] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25769 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T021859Z&X-Amz-Signature=aa16085e34bb64753ca7a42acccde4bb126922640e5873ea0dbb31d4f2c9d3c6&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:18:59.601] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:18:59.601] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:18:59.601] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:18:59.601] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:18:59.601] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:18:59.602] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:18:59.837] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain1.1727322671.jsonl|result:{"code": 1, "total_count": 52, "alert_count": 52, "abnormal_count": 52, "normal_count": 0, "timestamp": 1765333139602, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51329, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51337, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51318, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51332, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51323, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51317, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51331, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51348, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51327, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51349, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51316, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51353, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51354, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51357, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51315, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51336, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51351, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51358, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51313, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51359, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51328, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51343, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51341, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51320, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51339, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51340, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51325, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51310, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51333, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51321, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51308, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51335, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51334, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51344, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51314, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51319, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51324, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51309, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51326, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51330, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51350, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51352, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51355, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51322, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51346, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51342, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51347, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51312, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51338, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51345, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51356, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51311, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 52, "2_sum": 52, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:18:59.838] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 52|max_alert: 1000 [2025-12-10 10:18:59.838] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:18:59.838] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:18:59.838] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:02.706] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25770 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=3bb9a87c75f854665b3153bab6de168d4267111fa5ec8e5194fe79471f4234c3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021902Z&X-Amz-Expires=604800"} [2025-12-10 10:19:02.706] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:02.706] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:02.706] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:02.707] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:02.707] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:02.707] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:02.943] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_IP.1727321865.jsonl|result:{"code": 1, "total_count": 49, "alert_count": 49, "abnormal_count": 49, "normal_count": 0, "timestamp": 1765333142707, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51040, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51024, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51064, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51048, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51060, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51022, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51037, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51062, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51021, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51049, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51051, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51042, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51066, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51031, 
"dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51059, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51055, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51028, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51050, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51061, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51068, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51035, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51044, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51007, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51032, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51030, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51043, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51071, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51046, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51052, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51006, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51033, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51047, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51058, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51070, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51057, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51056, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51036, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51034, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51041, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51065, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51038, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51027, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51023, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51045, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51069, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51039, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51063, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51029, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51067, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:19:02.943] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 
49|max_alert: 1000 [2025-12-10 10:19:02.943] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:02.943] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:02.943] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:05.811] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24653 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl?X-Amz-Date=20251210T021905Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d3cccef06d20bf6ed19a711f611567c1b7e5bba93b6202f8bbdc5aaf8ac9d5b0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:19:05.811] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:05.811] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:05.811] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:05.811] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:05.811] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:05.812] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:06.045] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain3.1727320842.jsonl|result:{"code": 1, "total_count": 47, "alert_count": 47, "abnormal_count": 47, "normal_count": 0, "timestamp": 1765333145812, "module": "anquanchu", "proto": 
"other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50836, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50820, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50819, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50829, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50840, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50811, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50841, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50834, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50813, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50818, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50837, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50830, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50825, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50842, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50839, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50801, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50802, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50821, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50846, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50828, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50815, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50844, "dest_port": 8100, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50845, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50824, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50838, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50843, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50822, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50817, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50809, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50827, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50807, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50803, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50816, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50805, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50833, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50804, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50812, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50823, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50800, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50810, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50831, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50808, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50814, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50826, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50806, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50832, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50835, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:19:06.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 47|max_alert: 1000 [2025-12-10 10:19:06.045] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:06.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:06.045] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:19:08.953] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25771 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=d6554cb46084bb9173f934520532907120fe8a5ed883f2136978b4c57ad66cc2&X-Amz-Date=20251210T021908Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:19:08.953] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:08.953] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:08.954] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:08.954] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:08.954] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:08.954] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:09.152] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.1726645526.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333148954, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49302, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8959634024249302, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:09.152] 
[INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:09.152] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:09.152] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:09.152] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:12.133] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25772 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl?X-Amz-Expires=604800&X-Amz-Signature=497516219022145ac158d99cfb93107bf6d03b4b743bc83a20dd50f1a5a1f8a4&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021911Z"} [2025-12-10 10:19:12.133] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:12.133] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:12.133] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:12.133] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:12.133] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:12.134] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:12.367] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49302.1726645526.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333152134, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49302, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8959634024249302, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:12.367] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:12.367] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:12.367] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:12.367] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:19:15.238] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25414 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl?X-Amz-Signature=240b14d0cbad7812ad4fc9c2b20fe7cff506601ec6bea40e44d5e71e6c8dbcaf&X-Amz-Date=20251210T021914Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:19:15.238] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:15.238] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:15.238] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:15.238] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:15.238] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:15.239] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:15.470] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_IP.1727319482.jsonl|result:{"code": 1, "total_count": 43, "alert_count": 43, "abnormal_count": 43, "normal_count": 0, "timestamp": 1765333155239, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50513, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50523, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50538, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50525, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50544, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50520, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50527, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50514, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50542, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50505, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50532, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50504, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50540, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50531, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50508, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50539, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50535, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50541, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50545, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50546, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50517, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50507, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50506, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50533, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50524, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50529, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50530, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50543, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50534, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50521, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50515, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50516, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50526, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50536, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50528, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50537, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50509, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50519, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50518, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50510, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50522, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50512, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50511, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:19:15.470] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 43|max_alert: 1000 [2025-12-10 10:19:15.470] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:15.470] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:19:15.470] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:18.403] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25415 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021917Z&X-Amz-Expires=604800&X-Amz-Signature=437de03639c12f4cc8746f74bb4cc9123ab1eeec30a4f5df46e1a784b0dd45c3&X-Amz-SignedHeaders=host"} [2025-12-10 10:19:18.403] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:18.403] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:18.403] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:18.403] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:18.403] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:18.403] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:18.600] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.1726050485.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333158403, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50462, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.5368027392512583, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:18.600] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:18.600] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:18.600] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:18.600] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:21.570] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24654 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=62ee975c76d6709af5f2efa0fb4299be1e46a8287c640bb1b8017da623172690&X-Amz-Date=20251210T021921Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:19:21.570] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:21.570] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:21.570] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:21.570] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:21.570] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:21.570] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:21.769] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai4ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50462.1726050485.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333161570, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50462, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.5368027392512583, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:21.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:21.769] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:21.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:21.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:19:24.743] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25416 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl?X-Amz-Signature=0073743d479c321798e0b02ffe9da387aab909efefb14661bf84fb0c0fda862e&X-Amz-Date=20251210T021924Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:19:24.743] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:24.743] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:24.744] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:24.744] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:24.744] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:24.744] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:24.943] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.1726051351.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333164744, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50508, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.650362677828676, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:19:24.943] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:24.943] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:24.943] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:24.943] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:27.847] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24655 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c2ec28af057b651569b7b3b2cbabeb59cbd2df73fd2ea65739b5d41db3b15c34&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021927Z"} [2025-12-10 10:19:27.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:27.847] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:27.847] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:27.847] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:27.847] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:27.848] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:28.154] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain2.1727320559.jsonl|result:{"code": 1, "total_count": 47, "alert_count": 47, "abnormal_count": 47, "normal_count": 0, "timestamp": 
1765333167848, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50779, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50780, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50767, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50773, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50749, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50763, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50778, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50748, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50794, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50751, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50756, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50764, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50787, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50750, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50768, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50781, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50791, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50786, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50762, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50769, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50775, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50783, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50753, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50758, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50770, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50782, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50765, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50772, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50776, "dest_port": 8100, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50771, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50766, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50760, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50761, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50774, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50777, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50784, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50752, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50785, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50754, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50789, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50757, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50759, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50790, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50788, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50792, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50793, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50755, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:19:28.154] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 47|max_alert: 1000 [2025-12-10 10:19:28.154] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:28.154] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:28.154] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:19:30.952] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25773 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T021930Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2959bb298397784094f5e8ffa9c724cdb40404f86f400da238d86249b9043c47"} [2025-12-10 10:19:30.952] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:30.952] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:30.953] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:30.953] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:30.953] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:30.953] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:31.183] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_IP.1727318251.jsonl|result:{"code": 1, "total_count": 43, "alert_count": 43, "abnormal_count": 43, "normal_count": 0, "timestamp": 1765333170953, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50166, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50153, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50178, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50168, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50172, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50179, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50181, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50187, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50184, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50189, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50165, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50190, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50148, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50173, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50182, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50169, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50175, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50170, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50157, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50167, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50152, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50151, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50186, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50183, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50161, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50188, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50155, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50159, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50154, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50162, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50171, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50160, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50174, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50158, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50147, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50180, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50156, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50150, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50164, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50185, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50191, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50192, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50163, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 43, "2_sum": 43, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:19:31.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 43|max_alert: 1000 [2025-12-10 10:19:31.184] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:31.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:19:31.184] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:34.126] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24656 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021933Z&X-Amz-SignedHeaders=host&X-Amz-Signature=540c823640a0f6a0e2631e3ea7703f48cf7caa8b4825faba57bdeec859de597a&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:19:34.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:34.126] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:34.126] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:34.126] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:34.126] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:34.127] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:34.324] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.1726049011.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333174127, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50375, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.42375601626036763, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:34.324] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:34.324] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:34.324] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:34.324] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:37.291] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25417 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl?X-Amz-Date=20251210T021936Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=39ba843a80ce0f4ce59e13e2b44142cbc2a59c97fa9295e86a4d119ae1a20cab"} [2025-12-10 10:19:37.291] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:37.291] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:37.291] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:37.291] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:37.291] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:37.292] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:37.494] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50375.1726049011.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333177292, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50375, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.42375601626036763, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:37.494] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:37.494] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:37.494] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:37.494] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:19:40.475] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25418 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021940Z&X-Amz-Signature=2a28e3f956a2ee167298a5d49789c2ed5c99e1580001d46d1c1340233d2c44ed&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:19:40.475] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:40.475] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:40.476] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:40.476] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:40.476] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:40.476] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:40.933] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_IP.1726235797.jsonl|result:{"code": 1, "total_count": 102, "alert_count": 102, "abnormal_count": 102, "normal_count": 0, "timestamp": 1765333180476, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50813, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7300520369971781, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.31", "protocol": 6, "src_port": 50931, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5006269698884488, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50839, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6011794535310755, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50873, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5058611426764994, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50921, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7758339734246045, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50861, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6445276046314751, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50943, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6433022299937078, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50887, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7172416787955587, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 
50945, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7155346945100859, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50961, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5033218310660245, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50969, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7476527650571858, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50973, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5685477718727785, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50835, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6728480394226486, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50967, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7767430028461755, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50989, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5598396461229516, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50867, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.5373007198887872, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50859, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9238512066358242, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50829, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9682184576258437, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50803, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6120274937700596, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50899, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7266182906234704, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50923, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6037852244484628, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50889, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6080592386242312, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50793, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7011584880602615, 
"2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50877, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6736774973218647, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50833, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6617233849900483, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50807, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6876854774371972, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50855, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5416790900361436, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50857, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6699960969484994, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50917, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6111576976117766, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50925, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5117180467241854, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50949, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6618336691742885, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50981, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6392845332149717, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50791, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6733907178912225, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50985, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9316355367300041, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50875, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5262032548089761, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50953, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5131332103613157, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50979, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6701340698167286, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50983, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5545960174442225, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50965, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5415679412483102, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50863, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5984173988981478, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50823, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6206036460160512, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50909, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6099981039197431, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50897, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7174637473492788, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50881, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6193376678712463, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50871, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7493676590293616, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50799, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5466615284323838, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50811, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6791630096236309, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50885, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7640050641119775, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50893, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6758668776421393, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50937, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7971194038955031, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50905, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5781170702871292, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", 
"protocol": 6, "src_port": 50883, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6361978915004562, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50837, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9922358730694089, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50845, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8780569154840286, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50915, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6156197787226111, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50809, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9941808894514145, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50947, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6306230275051637, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50929, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5007243089821285, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50957, "dest_port": 
443, "y_pred": 1, "y_pred_proba_max": 0.7312698451653444, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50821, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9021330198267359, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8099944021551874, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50801, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.640443219591207, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50819, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.981265411988122, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50841, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5535644031487712, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50879, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7311322207988453, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50795, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.6307855104098725, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50913, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5101702419060166, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50825, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6145701995895911, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50903, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5594410706346352, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50935, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5953326564224193, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50959, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5978018834022238, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50927, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5242750650792728, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50849, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6625414558800179, "2_count": 102, "2_sum": 
102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50851, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8945154236307735, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50971, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6919968698491538, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50975, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6702012437623773, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50817, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7274411377617257, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50847, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6825058608684855, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50831, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5682749480968502, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50933, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5348415963188995, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50843, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.95864384571139, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50955, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.551179165767616, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50939, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6900383423465327, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50815, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.639325160896374, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50963, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5407785627355066, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50987, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7038126580697722, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50789, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6270958981426007, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50941, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5926142382543625, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50865, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5661591621450582, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50919, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8317657112122807, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50891, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.683456170356425, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50869, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9957288923966026, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50991, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9931025337621996, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50907, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6636155970055155, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.31", "protocol": 6, "src_port": 50895, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5131515898212987, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50951, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6011035987134368, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50901, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.568835535940407, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50853, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5735383399212105, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50797, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6150799342310208, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50977, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7091951922619264, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50827, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.51267114059645, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 
50805, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8530921014260352, "2_count": 102, "2_sum": 102, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:19:40.933] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 102|max_alert: 1000 [2025-12-10 10:19:40.934] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:40.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:40.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:43.648] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25419 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021943Z&X-Amz-Signature=31d5a40c963bb5e3f8010f00f64943db7f5b39e49d2a2a8be08209fe9be9a859&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:19:43.648] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:43.648] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:43.648] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:43.648] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:43.648] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:43.649] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 10:19:43.847] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai6.pcap.TCP_192-168-88-22_50050_192-168-88-28_50508.1726051351.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333183649, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50508, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.650362677828676, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:19:43.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:43.847] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:43.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:43.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:19:46.818] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24657 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021946Z&X-Amz-Signature=f0881988bd7ea70a400944c0e523024fd7e2a80cb049695ec0b847d8a015293f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:19:46.818] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:46.818] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:46.818] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:46.818] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:46.818] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:46.819] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:47.051] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.1726050849.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333186819, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50486, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.2790395770669693, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 
10:19:47.051] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:47.051] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:47.051] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:47.051] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:49.986] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24658 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=a166af013ac3ef8b20192092f706961f36de66c099732d4ec00fff7596fc3393&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T021949Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:19:49.986] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:49.986] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:49.986] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:49.986] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:49.986] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:49.986] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:50.194] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai6ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50486.1726050849.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333189986, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50486, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.2790395770669693, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:50.194] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:50.194] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:50.194] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:50.194] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:19:53.091] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25774 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021952Z&X-Amz-Signature=624b40cf7862483a0e29bb0f4634e8201d452a7a190d3a00c6db15bbbc50d819&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:19:53.091] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:53.091] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:53.092] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:53.092] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:53.092] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:53.092] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:53.323] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain1.1727316562.jsonl|result:{"code": 1, "total_count": 41, "alert_count": 41, "abnormal_count": 41, "normal_count": 0, "timestamp": 1765333193092, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49760, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49788, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49769, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49776, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49789, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49786, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49768, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49784, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49779, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49777, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49778, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49772, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49787, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49794, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49796, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49798, "dest_port": 8990, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49797, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49761, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49799, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49765, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49764, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49780, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49785, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49791, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49775, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49795, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49793, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49766, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49782, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49774, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49792, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49762, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49783, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49759, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49770, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49771, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49767, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49763, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49773, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49790, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49781, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:19:53.323] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 41|max_alert: 1000 [2025-12-10 10:19:53.323] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:53.323] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:53.323] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:19:56.243] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24659 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=760ac1dac470e3dba69198c5cd82389414f5eb8f7cba98765e07fde20d9b8c75&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T021955Z"} [2025-12-10 10:19:56.243] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:56.243] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:56.243] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:56.243] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:56.243] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:56.244] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:56.443] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.1726642630.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333196244, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49293, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9193778156522134, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:56.444] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:56.444] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:56.444] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:56.444] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:19:59.395] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24660 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl?X-Amz-Date=20251210T021958Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=f97df9c0b359b62b6ad46a9a1281d55380931ba5e394770cf5610b0ce6e055ec&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:19:59.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:19:59.395] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:19:59.395] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:19:59.395] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:19:59.395] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:19:59.396] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:19:59.598] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49293.1726642630.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333199396, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49293, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9193778156522134, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:19:59.598] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:19:59.598] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:19:59.598] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:19:59.598] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:02.559] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25420 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl?X-Amz-Signature=9df4a56a300151aa854b806015c21cf3a892b297578072207dc46b168bac50f0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022002Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:20:02.559] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:02.559] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:02.560] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:02.560] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:02.560] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:02.561] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:02.766] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.1726046985.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333202561, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50357, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6234711485019768, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:02.766] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:02.766] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:02.766] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:02.766] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:05.664] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25421 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022005Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3577a8fad0c79b6548201871d04b1f3aacb02faa45b1e858a58ccb29cb45b6e3&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:20:05.664] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:05.664] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:05.664] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:05.664] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:05.664] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:05.665] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:05.912] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID47-httpCS4.8_windowsserver2022_ubuntu_jdk_domain1.1727320318.jsonl|result:{"code": 1, "total_count": 36, "alert_count": 36, "abnormal_count": 36, "normal_count": 0, "timestamp": 
1765333205665, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50725, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50718, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50721, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50707, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50719, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50709, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50714, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50702, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50737, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50739, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50713, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50733, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50729, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50716, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50730, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50742, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50740, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50734, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50711, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50741, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50717, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50724, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50736, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50735, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50727, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50703, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50715, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50720, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50738, "dest_port": 8100, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50731, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50732, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50722, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50712, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50723, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50710, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50726, "dest_port": 8100, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:20:05.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 36|max_alert: 1000 [2025-12-10 10:20:05.912] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:05.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:05.912] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:08.829] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24661 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022008Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1561695430c51da5fc96d7c9095e7466c571277762faa2f4afffd312d3578986"} [2025-12-10 10:20:08.829] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:08.829] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:08.829] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:08.829] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:08.829] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:08.830] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:08.984] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50357.1726046985.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333208830, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50357, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6234711485019768, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:08.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:08.984] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:08.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:08.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:12.001] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24662 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=8dde5f2e79984036cbb4eb46c3c4c3e9f3b70edef403dff43030bee15d881995&X-Amz-Expires=604800&X-Amz-Date=20251210T022011Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:20:12.001] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:12.001] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:12.001] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:12.001] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:12.001] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:12.002] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:12.158] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.1726051299.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333212002, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50506, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.5142833553629224, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:12.159] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:12.159] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:12.159] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:12.159] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:15.171] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25422 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b4c67cc091b5d018d06f4294c2cd7426fb67fc92e0774e9b59ff5d970708fe43&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022014Z"} [2025-12-10 10:20:15.171] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:15.171] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:15.171] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:15.171] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:15.171] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:15.171] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:15.380] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai5.pcap.TCP_192-168-88-22_50050_192-168-88-28_50506.1726051299.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333215171, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50506, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.5142833553629224, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:15.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:15.380] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:15.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:15.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:18.276] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25775 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl?X-Amz-Expires=604800&X-Amz-Signature=5240da8f96bdeb60c307f414e975e3c8764c31373c07c5b8647a5baa859057ac&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022017Z"} [2025-12-10 10:20:18.276] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:18.276] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:18.276] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:18.276] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:18.276] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:18.277] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:18.535] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_http.1726065194.jsonl|result:{"code": 1, "total_count": 55, "alert_count": 55, "abnormal_count": 55, "normal_count": 0, "timestamp": 1765333218277, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53838, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53862, 
"dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53827, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53871, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53832, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53850, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53835, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53839, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53842, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53843, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53845, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53818, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53861, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53847, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53841, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53854, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53820, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53873, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53864, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53872, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53828, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53840, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53825, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53823, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53848, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53834, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53851, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53829, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53836, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53852, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 53853, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53855, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53865, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53824, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53833, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53837, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53822, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53831, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53830, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53860, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53863, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53856, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53866, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53867, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53868, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53849, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53870, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53826, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53844, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53819, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53846, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53821, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53857, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53859, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53858, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 55, "2_sum": 55, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:20:18.536] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 55|max_alert: 1000 [2025-12-10 10:20:18.536] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:18.536] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:18.536] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:21.426] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25423 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl?X-Amz-Signature=87986980e1179075c522c2c9cf9fb6c0d81771f1a1bb158bc736073ca9d3a111&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022020Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:20:21.426] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:21.426] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:21.426] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:21.426] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:21.426] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:21.427] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:21.665] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.1726642261.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333221427, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49292, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.879674588176313, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:21.665] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:21.665] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:21.665] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:21.665] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:24.579] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24663 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2bd2deb8b4da4402293567bd935ac1f94facf6bebf48a4bf5f82211dda498bfb&X-Amz-Date=20251210T022024Z"} [2025-12-10 10:20:24.580] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:24.580] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:24.580] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:24.580] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:24.580] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:24.580] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:24.785] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domain4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49292.1726642261.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333224580, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49292, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.879674588176313, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:24.785] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:24.785] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:24.785] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:24.785] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:27.703] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25424 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl?X-Amz-Signature=0792329739c4228a74ec036ee60df783e303fa473b3ca9ea215a6a77ca4199d9&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022027Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:20:27.703] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:27.703] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:27.703] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:27.703] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:27.703] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:27.704] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:27.957] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_domain.1727156056.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765333227704, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50252, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.959619540756816, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50262, 
"dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.6534341140937984, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50259, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9595244237312814, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50244, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9593468344435695, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50249, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9233846845974968, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50256, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8477372842944235, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50260, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9390402271006678, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50261, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.7692644950533362, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50250, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 
0.9320583916030145, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50257, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.8525560281790904, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50253, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9641754451476029, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50248, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9963515801867898, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50255, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9420132882437707, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50246, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.916921649353848, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50251, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.997416220882397, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50258, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.7663309957563321, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50254, "dest_port": 5443, "y_pred": 3, "y_pred_proba_max": 0.9572836760424767, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50243, "dest_port": 8001, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50247, "dest_port": 5443, "y_pred": 1, "y_pred_proba_max": 0.8969798417828733, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:20:27.957] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-10 10:20:27.957] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:27.957] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:27.957] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:30.806] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25425 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=9a11e5d78ae43231b9b57af7b597e67a2492544c55108d8f4d1547f7371818b4&X-Amz-Date=20251210T022030Z"} [2025-12-10 10:20:30.806] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:30.806] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:30.807] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:30.807] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:30.807] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:30.807] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:30.991] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_http.1726065730.jsonl|result:{"code": 1, "total_count": 44, "alert_count": 44, "abnormal_count": 44, "normal_count": 0, "timestamp": 1765333230807, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53957, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
53985, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53970, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53994, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53978, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53976, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53964, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53999, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53983, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53966, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53965, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53971, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53992, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53959, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53991, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53987, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53975, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53962, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53956, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53977, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53995, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53981, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53972, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53963, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53990, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53982, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53968, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53984, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53996, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53967, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 53986, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53969, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53960, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53974, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53998, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53988, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53997, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53993, "dest_port": 
8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53958, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53973, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53961, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53979, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53989, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53980, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:20:30.991] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 44|max_alert: 1000 [2025-12-10 10:20:30.991] [DEBUG] 
[tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:30.991] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:30.991] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:33.980] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25426 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl?X-Amz-Expires=604800&X-Amz-Signature=82276a35c899678b1a0564e51801f7872942b9d8f322495162725431162eb2cf&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022033Z"} [2025-12-10 10:20:33.980] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:33.980] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:33.980] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:33.980] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:33.980] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:33.981] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:34.134] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.1726051154.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333233981, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", 
"dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50500, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9305351053377865, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:34.134] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:34.134] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:34.134] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:34.134] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:37.156] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25776 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl?X-Amz-Signature=597bf72252b3603dec4b9f54ca9842cf6a54ff52ab5efca76abb7bb0b3236ae0&X-Amz-Date=20251210T022036Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:20:37.156] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:37.156] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:37.156] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:37.156] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:37.156] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load 
[2025-12-10 10:20:37.157] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:37.312] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_domain_mogai4.pcap.TCP_192-168-88-22_50050_192-168-88-28_50500.1726051154.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333237157, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50500, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9305351053377865, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:37.312] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:37.312] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:37.312] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:37.312] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:40.321] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25427 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022039Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=90ded3ae36396e05cdc39492a2c75869625442979b3f05d22ce649acf6de1623"} [2025-12-10 10:20:40.321] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:40.321] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:40.321] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:40.321] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:40.322] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:40.322] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:40.477] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.1726052724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333240322, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50569, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.825496045424889, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:40.477] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:40.477] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:40.477] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:40.477] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:43.487] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24664 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl?X-Amz-Expires=604800&X-Amz-Signature=fd15ba6b8cd2955af1073adb71d607ac087bb407ceafa333ce5c171fc6589f9d&X-Amz-Date=20251210T022042Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:20:43.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:43.487] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:43.487] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:43.487] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:43.487] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:43.487] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:43.646] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50569.1726052724.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333243487, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50569, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.825496045424889, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:43.646] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:43.646] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:43.646] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:43.646] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:46.590] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25428 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022046Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=6095081282d0b943f8390cae1d76f9f51c3f7119d5d0b23ba92f8667c0854740"} [2025-12-10 10:20:46.590] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:46.590] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:46.590] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:46.590] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:46.590] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:46.590] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:46.771] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_IP.1726074074.jsonl|result:{"code": 1, "total_count": 41, "alert_count": 41, "abnormal_count": 41, "normal_count": 0, "timestamp": 1765333246591, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49591, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49617, 
"dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49583, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49594, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49612, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49614, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49604, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49618, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49585, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49581, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49603, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49607, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49611, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49615, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49582, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49609, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49587, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49592, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49599, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49586, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49580, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49593, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49595, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49597, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49584, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49588, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49589, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49600, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49601, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49602, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 49605, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49606, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49610, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49616, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49620, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49608, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49619, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49590, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49596, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49598, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49613, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 41, "2_sum": 41, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:20:46.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 41|max_alert: 1000 [2025-12-10 10:20:46.771] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:46.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:46.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:49.713] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25429 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl?X-Amz-Expires=604800&X-Amz-Signature=21df481a0b7597c6732b2e48625687c53b2ccaf16dd948e14082c4c0149209e2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022049Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:20:49.713] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:49.713] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:49.713] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:49.713] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:49.713] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:49.713] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:49.913] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_tls1.2.1727150401.jsonl|result:{"code": 1, "total_count": 25, "alert_count": 25, "abnormal_count": 25, "normal_count": 0, "timestamp": 1765333249713, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55499, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9919847249709668, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 
6, "src_port": 55507, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8479151318333323, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55522, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9020602784234748, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55511, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.7518017274933435, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55519, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9244030807030922, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55502, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6220932406878601, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55508, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9205926825128992, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55513, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9884574425876593, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55503, "dest_port": 9443, "y_pred": 3, 
"y_pred_proba_max": 0.8344600485778059, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55526, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9999489778368087, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55527, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.877067819234317, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55521, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.683175538381093, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55501, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5884585896065077, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55492, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.978410510477356, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55524, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9081297363527804, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55504, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.953287405158099, "2_count": 25, "2_sum": 25, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55516, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.4861439463511227, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55512, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9996637986661145, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55509, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9788484568353747, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55500, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9732125747830981, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55520, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9560234754077196, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55491, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55510, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9705696709660471, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55523, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9104551980051244, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55506, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9985808806330831, "2_count": 25, "2_sum": 25, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:20:49.913] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 25|max_alert: 1000 [2025-12-10 10:20:49.913] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:49.913] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:49.913] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:20:52.886] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25777 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=49e8e05601bcda438a646f67b78cfbea80f0dbee375bd824390ce11ae4dd354c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022052Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:20:52.886] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:52.886] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:52.886] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:52.886] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:52.886] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:52.887] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:53.073] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_IP.1727226931.jsonl|result:{"code": 1, "total_count": 15, "alert_count": 15, "abnormal_count": 15, "normal_count": 0, "timestamp": 1765333252887, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49265, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.9601105095785656, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49272, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.9707353194610456, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49275, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.7875185270297703, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49266, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.7928496912722264, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49274, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.7184302788435447, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49268, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.6657972492085006, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49267, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.8337586644016376, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49273, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.5041510196558787, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 
6, "src_port": 49276, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.9491400775322728, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49264, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.9936836379118769, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49277, "dest_port": 11111, "y_pred": 3, "y_pred_proba_max": 0.5128746069253521, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49263, "dest_port": 11111, "y_pred": 2, "y_pred_proba_max": 0.37444461013879377, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49270, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.9708728045951633, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49271, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.8185803805228302, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49269, "dest_port": 11111, "y_pred": 1, "y_pred_proba_max": 0.8393059320300892, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:20:53.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 
15|max_alert: 1000 [2025-12-10 10:20:53.073] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:53.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:53.073] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:56.059] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25778 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl?X-Amz-Date=20251210T022055Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e855d8ea22d98c168fae2352e52cea95484678c1f17ebd4fa14f982e778c0688&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:20:56.059] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:56.059] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:56.059] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:56.059] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:56.059] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:56.059] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:56.442] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_domain.1726234603.jsonl|result:{"code": 1, "total_count": 94, "alert_count": 94, "abnormal_count": 94, "normal_count": 0, "timestamp": 1765333256060, "module": 
"anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50468, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6513722053428411, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50585, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6089348955376772, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50555, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6512039867902256, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50576, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5355961317148258, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50506, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6978935829835408, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50592, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9091830877160461, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50530, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.946590779339558, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50559, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5478386206218998, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50549, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5284025496324434, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50550, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5250504310741484, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50556, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5146164051483021, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50561, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5366583512548987, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50563, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5103206769427894, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50526, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7203827601690431, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", 
"protocol": 6, "src_port": 50504, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5818813931499597, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50474, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5566800330035623, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50573, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7623525473337257, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50575, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5666452912618911, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50583, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8199397298735734, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50588, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5927381274667691, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50594, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6723412834076596, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50490, "dest_port": 443, 
"y_pred": 3, "y_pred_proba_max": 0.9120933472949622, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50502, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7284729223119077, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50534, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5378820905522878, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50466, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.603219252838853, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50500, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7423317379371447, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50581, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7687144267248721, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50524, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6367329819993311, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50518, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5144408930574429, 
"2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50470, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7598104966549866, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50546, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9611852689744803, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50567, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7356269739626181, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50568, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9855319165742619, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50578, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5073603272821163, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50589, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6058266327383802, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50486, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5024617412979367, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50464, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5679205309295502, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50542, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7132749215115843, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50548, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9530085997090098, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50552, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8427121700328722, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50587, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5509229506867698, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50520, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.970493896336863, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50536, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.692728785477992, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50577, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8152466674948295, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50484, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6193696143794897, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50476, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8704262128833964, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50498, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5725934640769793, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50508, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8280642098816874, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50558, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.563914018789891, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50547, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9538026490312367, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", 
"protocol": 6, "src_port": 50551, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8255033610057049, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50488, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5212420918696118, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50586, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.78137373685343, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50590, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5889019634149381, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50528, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5597474272891048, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50478, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9640325880280208, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50571, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8132972843039014, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50522, "dest_port": 443, "y_pred": 
1, "y_pred_proba_max": 0.7257603507282762, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50593, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9526014311214747, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50595, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7069885543938568, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50510, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5175364587970658, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50472, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7741656272533926, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50574, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6441286676673514, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50560, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5627458172166783, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50480, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7891287316985423, "2_count": 94, 
"2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50512, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.551792927266406, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50564, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7798580818209263, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50543, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8264696595255264, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50566, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6324865600531105, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50570, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7283697743813531, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50554, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.547148693914978, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50494, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8099670653693599, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50496, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8438746732113691, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50532, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6355392877740413, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50565, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7324513125433934, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50492, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9979163560079994, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50514, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8353560628238008, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50562, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6726637272613716, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50516, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6487260101291292, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50540, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9112056124995072, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50545, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6991838598288953, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50553, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5641488525719499, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50572, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.675479520231925, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50579, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.619060314149335, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50580, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5088205928391716, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50582, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6357867694333225, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, 
"src_port": 50596, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8955213457812187, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50482, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5732007657091788, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50591, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7616824572498813, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50557, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.609785407538359, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50569, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6621893488977376, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50544, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.967760317468009, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50584, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.49984716327961465, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50538, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.5042321957324439, "2_count": 94, "2_sum": 94, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:56.442] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 94|max_alert: 1000 [2025-12-10 10:20:56.442] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:56.442] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:56.442] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:20:59.209] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24665 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022058Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=a4f93b227b62dd3063aca367a8b5f24a652797d3ae66718498432875d9f2b45b"} [2025-12-10 10:20:59.209] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:20:59.209] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:20:59.209] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:20:59.209] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:20:59.209] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:20:59.210] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:20:59.365] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.1726640423.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333259210, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49277, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8935787646173557, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:20:59.365] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:20:59.365] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:20:59.365] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:20:59.365] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:21:02.358] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25779 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2ae67da016d9bc2c025062eb3d8304746230a04fd1ed5b2ec7007eb58c6cd4d1&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022101Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:21:02.358] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:02.358] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:02.358] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:02.358] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:02.358] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:02.358] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:02.517] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49277.1726640423.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333262358, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49277, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.8935787646173557, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:21:02.517] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:21:02.517] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:02.517] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:02.517] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:05.462] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25780 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl?X-Amz-Date=20251210T022104Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=87771a10d0d3b58f5153996629675c1882d262ecbc2e1937b6cca08813247db3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:21:05.462] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:05.462] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:05.462] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:05.463] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:05.463] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:05.463] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:05.638] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain.1726132924.jsonl|result:{"code": 1, "total_count": 29, "alert_count": 29, "abnormal_count": 29, "normal_count": 0, "timestamp": 1765333265463, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49219, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49233, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49220, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49236, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49231, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49217, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49214, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49241, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49223, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49229, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49227, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49237, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49240, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", 
"dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49225, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49239, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49232, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49235, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49215, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49234, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49224, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", 
"protocol": 6, "src_port": 49228, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49242, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49221, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49226, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49230, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49222, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49218, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 
49216, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49238, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:05.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 29|max_alert: 1000 [2025-12-10 10:21:05.638] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:05.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:05.638] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:08.567] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25430 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022108Z&X-Amz-Expires=604800&X-Amz-Signature=ab39feaf2f0abc122fd2301bd36d388118b7c2c62587d1fc32f7ac7e2c92e0a8"} [2025-12-10 10:21:08.567] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:08.567] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:08.568] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:08.568] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function 
load [2025-12-10 10:21:08.568] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:08.568] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:08.788] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_domain1.1727161160.jsonl|result:{"code": 1, "total_count": 26, "alert_count": 26, "abnormal_count": 26, "normal_count": 0, "timestamp": 1765333268568, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49250, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49272, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49263, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49264, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49254, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49273, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49259, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49274, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49269, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49257, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49253, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49249, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49270, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49258, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49265, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49252, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49268, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49260, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49255, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 
6, "src_port": 49256, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49261, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49266, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49267, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49251, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49271, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49262, "dest_port": 13392, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 26, "2_sum": 26, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:08.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 
26|max_alert: 1000 [2025-12-10 10:21:08.788] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:08.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:08.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:11.595] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25431 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022111Z&X-Amz-Signature=4cd32fb4dec422e277b651603ca25d0d2f907c939910e4a1b71cb419e6a68726&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:11.595] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:11.595] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:11.595] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:11.595] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:11.595] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:11.596] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:11.764] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID10-httpCS4.8_win8.1_kali_openjdk_domain.1726074530.jsonl|result:{"code": 1, "total_count": 22, "alert_count": 22, "abnormal_count": 22, "normal_count": 0, "timestamp": 1765333271596, "module": "anquanchu", "proto": "other", "alerted": true, 
"details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49659, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49667, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49671, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49674, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49662, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49657, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49661, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "23.6.178.36", 
"protocol": 6, "src_port": 49670, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49660, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49664, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49672, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49656, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49669, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49668, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "184.28.50.138", "protocol": 6, "src_port": 49673, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49666, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49655, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49653, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49663, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49658, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49665, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49654, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 17, "2_sum": 17, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:11.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 22|max_alert: 1000 [2025-12-10 10:21:11.764] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:11.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:11.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:14.697] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25432 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022114Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=eed9e214fced4291647ec0e91fd7534a8d8f54a8d7ef90a831750333ced36861"} [2025-12-10 10:21:14.697] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:14.697] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:14.697] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:14.697] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:14.697] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:14.698] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:14.867] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_IP.1726074931.jsonl|result:{"code": 1, "total_count": 
24, "alert_count": 24, "abnormal_count": 24, "normal_count": 0, "timestamp": 1765333274698, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49721, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49723, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49727, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49728, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49735, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49734, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49737, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, 
"2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49716, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49738, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49732, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49717, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49719, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49722, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49725, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49720, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49730, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49731, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49718, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49724, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49729, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49733, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", 
"dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49736, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49739, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49726, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:14.867] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 24|max_alert: 1000 [2025-12-10 10:21:14.867] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:14.867] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:14.867] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:21:17.869] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24666 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=6fcf8bffc5e18360bacd74ea3afc5a4729eb4c9b052b9b168195fce145424a2b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022117Z&X-Amz-Expires=604800"} [2025-12-10 10:21:17.869] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:17.869] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:18.198] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_domain.1726230460.jsonl|result:{"code": 1, "total_count": 90, "alert_count": 90, "abnormal_count": 90, "normal_count": 0, "timestamp": 1765333277869, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49465, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7601390104922476, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49514, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6642862606437206, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49529, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6563250061570197, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49492, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6153417684302692, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49457, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.682120491564812, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49470, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7307834057424551, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49501, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7722971478788869, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49503, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6661850386831465, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 
49522, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6663533911925095, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49452, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5824815831248397, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49480, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6975985663579318, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49443, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5815255122524343, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49467, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7175003227798448, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49468, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.991424703098734, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49445, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5022010760095998, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49460, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.7345915618399619, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49485, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5396349590131616, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49493, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5453117199121083, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49494, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5894361588722348, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49458, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6204198361499252, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49525, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6579941274407572, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49518, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6303482610664398, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49488, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6616371768840189, "2_count": 90, "2_sum": 90, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49484, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6817420112712123, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49471, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6443961464301183, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49531, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6168154502485174, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49464, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9725273986502229, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49510, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5148096984077899, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49511, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5402362624752578, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49462, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6575650333457976, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49473, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5472655616410581, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49515, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6992166048822275, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49519, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5533439031860232, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49478, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5464312476939353, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49455, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5154830697824938, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49461, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.695573505717408, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49474, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6793304625309812, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49453, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5083155836842734, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49489, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7220707948083799, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49509, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5323659322918523, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49449, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.75274523507748, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49456, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7113504543518123, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49475, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9670619280029501, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49481, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7767141245395189, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49499, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5528003035167757, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49476, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5875019532739597, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49486, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6369198273676046, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49506, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.706125616473185, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49498, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6268955225011414, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49524, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7484934829667146, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49528, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7413833303354331, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49497, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.5826337556096496, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49532, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9867898615092959, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49530, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.606946734191249, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49521, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5315625832236843, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49507, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5641175068064324, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49516, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.607980260209452, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49446, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6819932509013528, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49520, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5256540631220632, "2_count": 90, "2_sum": 90, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49491, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.590021371494072, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49513, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.659217037147992, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49459, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9762049068847556, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49505, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6566182337069786, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49508, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5529891203143705, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49466, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6213956143147675, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49454, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5124936847947613, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49448, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6200626202805145, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49469, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5539180304264643, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49483, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9920394507196982, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49504, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5379185287947265, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49512, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6591209109714081, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49526, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6919893005821942, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49482, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6123162487085643, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.39", "protocol": 6, "src_port": 49523, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5342119033905562, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49527, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.607901017980649, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49447, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9922254502108101, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49490, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6812331374457752, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49441, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6546824185167645, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49502, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6838795189887472, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49450, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5338028945587453, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49500, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7649039296093657, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49479, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7045751573267934, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49517, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5014922349484835, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49451, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5289609510416242, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49472, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7855186115373806, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49496, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5566837274198926, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49477, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8043759669497067, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49463, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.596358860579432, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49487, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5472639091892713, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49495, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5871797644337234, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:18.198] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 90|max_alert: 1000 [2025-12-10 10:21:18.198] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:18.198] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:18.198] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:21:20.972] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25433 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=49189cb9e3ef45a7b1eb68ff0c560be9c76e8edc8eb00db01cb59359994d7f4a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022120Z"} [2025-12-10 10:21:20.972] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:20.972] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:20.973] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:20.973] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:20.973] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:20.973] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:21.186] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_IP.1727226754.jsonl|result:{"code": 1, "total_count": 22, "alert_count": 22, "abnormal_count": 22, "normal_count": 0, "timestamp": 1765333280973, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49222, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", 
"protocol": 6, "src_port": 49219, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49228, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49230, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49227, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49231, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49234, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49237, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 
49226, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49221, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49229, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49232, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49224, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49236, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49239, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49220, "dest_port": 11112, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49223, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49225, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49240, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49233, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49238, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49235, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:21.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 22|max_alert: 1000 [2025-12-10 10:21:21.186] 
[DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:21.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:21.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:24.076] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25434 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022123Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=5702616eb76498c68c90bf147e737e9a201e57838440a287d55e3803b7f5fd84"} [2025-12-10 10:21:24.076] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:24.076] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:24.077] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:24.077] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:24.077] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:24.077] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:24.297] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP1.1727160805.jsonl|result:{"code": 1, "total_count": 23, "alert_count": 23, "abnormal_count": 23, "normal_count": 0, "timestamp": 1765333284077, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.137", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49212, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49220, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49204, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49203, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49215, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49206, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 
6, "src_port": 49219, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49210, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49200, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49208, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49209, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49205, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49211, 
"dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49201, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49217, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49207, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49218, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49213, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49214, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49216, "dest_port": 11112, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49202, "dest_port": 11112, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 23, "2_sum": 23, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:24.297] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 23|max_alert: 1000 [2025-12-10 10:21:24.297] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:24.297] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:24.297] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:27.178] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24667 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=828fec23b2cdf8f7f989e14687884f0a244c5d1b9b486c788238582d0ea36c99&X-Amz-Date=20251210T022126Z"} [2025-12-10 10:21:27.178] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:27.178] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:27.178] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:27.178] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:27.178] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:27.179] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:27.382] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_IP.1726072543.jsonl|result:{"code": 1, "total_count": 23, "alert_count": 23, "abnormal_count": 23, "normal_count": 0, "timestamp": 1765333287179, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49449, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49453, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49455, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "150.171.28.10", "protocol": 6, "src_port": 49241, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49464, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
49468, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49459, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49460, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49457, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49462, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49463, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49467, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49447, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49450, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49448, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49454, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49461, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49456, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49458, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49465, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49451, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49452, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49466, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:27.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 23|max_alert: 1000 [2025-12-10 10:21:27.382] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:27.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:27.382] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:21:30.362] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25781 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl?X-Amz-Date=20251210T022129Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=5f0caf569a20bd636c395266c8702c2cd3d635f268f85921cc289171efaa8773&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:30.362] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:30.362] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:30.362] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:30.362] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:30.362] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:30.362] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:30.520] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.1726052256.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333290363, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50549, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8492959321830071, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:21:30.521] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:21:30.521] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:30.521] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:30.521] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:33.524] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25435 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl?X-Amz-Signature=a61b2e11b9c805fd54d439302c96ab0a6bd93c044b51d4964d361947f9dceed6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022133Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:21:33.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:33.524] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:33.524] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:33.524] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:33.524] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:33.524] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:33.678] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.1726641744.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 
0, "timestamp": 1765333293524, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49290, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8777284509713295, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:21:33.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:21:33.678] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:33.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:33.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:36.672] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25436 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl?X-Amz-Date=20251210T022136Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=74dd6a57bff8a770348992492fcade518cdbdfd01420c3a6990fe87abcb2d891&X-Amz-SignedHeaders=host"} [2025-12-10 10:21:36.672] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:36.672] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:36.672] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:36.672] [INFO] 
[tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:36.672] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:36.672] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:36.833] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49290.1726641744.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333296672, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49290, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8777284509713295, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:21:36.833] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:21:36.833] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:36.833] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:36.833] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:21:39.816] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24668 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=aa67edefb939e6f72f1519efc6f6f0f42edf5f5931bb0aba550979740794fa78&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022139Z"} [2025-12-10 10:21:39.816] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:39.816] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:39.816] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:39.816] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:39.816] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:39.816] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:39.982] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50549.1726052256.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333299816, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50549, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8492959321830071, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:21:39.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:21:39.982] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:39.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:39.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:42.984] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25782 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022142Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=17eec7fa2a214bf9ec93b0a165913470309b4468cc997500f71e62c2fc387b29&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:42.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:42.984] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:42.984] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:42.984] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:42.984] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:42.985] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:43.335] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID39-tls1.2CS4.8_windowsserver2008R2_ubuntu_jdk_domain.1726236552.jsonl|result:{"code": 1, "total_count": 90, "alert_count": 90, "abnormal_count": 90, "normal_count": 0, "timestamp": 1765333302985, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51376, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8347741106371109, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51392, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5182159599943675, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51416, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9824235720224288, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51423, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.729258416520846, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51436, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.918583878800292, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51364, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5159812346109576, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51440, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7189929318211459, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51424, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5519351741871237, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51312, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6734190119775048, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51400, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7184670774761085, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51324, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5039576597456624, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51342, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6165398056635369, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51344, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9927495624786069, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 
6, "src_port": 51429, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5489358598047054, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51328, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5362628335612337, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51452, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8542808420811819, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51362, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9243937567511127, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51444, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5689669749614265, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51442, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7064533890274473, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51447, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5252912989087726, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51420, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.6130535942857759, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51422, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7552403728617595, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51374, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.770036275709574, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51330, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5559702533665464, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51332, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7245359046778231, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51386, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8601014616454727, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51431, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7336579305789526, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51322, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6012791940143964, "2_count": 90, 
"2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51316, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5860054587632569, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51406, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5867775161085178, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51450, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8031181644481512, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51356, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6236045882243191, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51454, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.726360335840861, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51390, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.661523523406917, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51370, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8118931594784338, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51352, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.684233490494642, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51340, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5613004594768036, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51320, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9949454835370803, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51394, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5643594079789483, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51318, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.544471568308583, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51354, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6758381458412803, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51441, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5569243695678362, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51336, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9979460988356845, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51382, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5409098129599171, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51378, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8726666891810971, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51388, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5202683248737405, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51418, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6677071382398372, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51446, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9497314686322079, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51428, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5688012678160036, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 
6, "src_port": 51448, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6077268354601754, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51455, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6587788184298815, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51334, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6127407946951313, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51338, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5727862990526253, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51398, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6957457672108931, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51358, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6669310964883991, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51348, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5987912796845684, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51410, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.7151713818375162, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51433, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5470748257606949, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51408, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.625162396821717, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51426, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5875052502067546, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51434, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6719150723445916, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51439, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6355764444341245, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51350, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5522919826985178, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51366, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5591067532865295, "2_count": 90, 
"2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51368, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8570694449630251, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51414, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.611002406814032, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51443, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6085357449663986, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51445, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.705933990966164, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51380, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7851350207439267, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51396, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5617204323198931, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51314, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6724818350650889, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51402, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9119743907911747, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51425, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5372299788246396, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51346, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7741569806267606, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51427, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6215147128944174, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51435, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8244751246801969, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51404, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7573675986377141, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51437, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6539839260359753, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51438, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6816617389528793, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51449, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6293177743657515, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51453, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5269543570214478, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51372, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7092782953274414, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51432, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7425973885718423, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51360, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5623515585566103, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51384, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5619324389005113, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 
6, "src_port": 51430, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7457409516726554, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51326, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5351507584216124, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51412, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7135545614189165, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51456, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8811388108992803, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 51451, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7076495761693308, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:43.335] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 90|max_alert: 1000 [2025-12-10 10:21:43.335] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:43.335] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:43.335] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:21:46.135] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25437 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T022145Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=1c6bd5abe066968be815614fe8191f2b624826f03ce656d58af11a8b2418be39"} [2025-12-10 10:21:46.135] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:46.135] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:46.136] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:46.136] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:46.136] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:46.136] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:46.292] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.1726640366.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333306136, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49276, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6770707303795201, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:21:46.292] 
[INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:21:46.292] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:46.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:46.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:49.282] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25438 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022148Z&X-Amz-Signature=de9d9b87d1324a0b984c80c708c20c611b00844eb74014120f8eada32b2a07b4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:49.283] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:49.283] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:49.480] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49276.1726640366.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333309283, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49276, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6770707303795201, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:21:49.480] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:21:49.480] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:49.480] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:49.480] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:21:52.385] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25439 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl?X-Amz-Signature=c809bf4580fca514df8e4ca6804d7301b1a34ca581c36b0d61e3837fddaa05ae&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022151Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:21:52.385] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:52.385] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:52.386] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:52.557] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID12-httpCS4.8_win8.1_ubuntu_openjdk_domain.1726072874.jsonl|result:{"code": 1, "total_count": 18, "alert_count": 18, "abnormal_count": 18, "normal_count": 0, "timestamp": 1765333312386, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49507, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 49519, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49510, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49515, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49506, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49508, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49518, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49517, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49509, "dest_port": 8889, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49513, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49502, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49514, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49505, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49504, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49512, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49516, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49503, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49511, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 18, "2_sum": 18, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:52.557] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 18|max_alert: 1000 [2025-12-10 10:21:52.557] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:52.557] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:52.557] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:21:55.489] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25440 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c0abf0e655f88754ae17f04a1d63cfd63d11027fe6327a0284289124294f7eba&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022155Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:21:55.489] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:55.489] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:55.490] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:55.490] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:55.490] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:55.490] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:55.657] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-httpCS4.8_win8_ubuntu_openjdk_IP.1726133318.jsonl|result:{"code": 1, "total_count": 16, "alert_count": 16, "abnormal_count": 16, "normal_count": 0, "timestamp": 1765333315490, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49308, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, 
"src_port": 49303, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49295, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49297, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49298, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49302, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49305, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49307, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49306, "dest_port": 9999, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49301, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49294, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49296, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49293, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49299, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49300, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.137", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49304, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:21:55.657] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 16|max_alert: 1000 [2025-12-10 10:21:55.657] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:55.657] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:55.657] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:21:58.649] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25441 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=1506c43e305c7a387a19253e29eb03cbfd26555cefa09557e5c9c9b99d2ba5f1&X-Amz-Date=20251210T022158Z"} [2025-12-10 10:21:58.649] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:21:58.649] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:21:58.650] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:21:58.650] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:21:58.650] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:21:58.650] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:21:58.807] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.1726641687.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333318650, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49289, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8173263833964768, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:21:58.807] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:21:58.807] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:21:58.807] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:21:58.807] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:01.798] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24669 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=3288bf2888c27e4f2d84f1863d08a480a9e0a1b972a0762ca62d3f7c70de636d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022201Z&X-Amz-Expires=604800"} [2025-12-10 10:22:01.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:01.798] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:01.798] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:01.798] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:01.798] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:01.798] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:01.955] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49289.1726641687.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333321798, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49289, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.8173263833964768, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:01.955] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:01.955] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:01.955] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:01.955] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:04.950] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25783 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022204Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=8283896aa21935538b4ebdea92fddfbdbb2da6573924269bdee1c70e39f65b11&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:22:04.950] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:04.950] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:04.950] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:04.950] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:04.950] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:04.950] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:05.142] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.1726623265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333324950, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50369, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9808746490590238, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:05.142] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:05.142] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:05.142] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:05.142] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:08.103] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24670 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e48d5101c9923763633a25ef5dfc6a8aca3a2f75b79408c23c2cef47daf18976&X-Amz-Date=20251210T022207Z"} [2025-12-10 10:22:08.103] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:08.103] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:08.103] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:08.103] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:08.103] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:08.103] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:08.258] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50369.1726623265.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333328103, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50369, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9808746490590238, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:08.258] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:08.258] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:08.258] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:08.258] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:11.208] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24671 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl?X-Amz-Signature=d124880fc5ef5fc26cc35aa00f5cfabc8239aac7b5e0345170dc123896081c60&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022210Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:11.208] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:11.209] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:11.209] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:11.209] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:11.209] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:11.209] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:11.375] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_IP.1726068440.jsonl|result:{"code": 1, "total_count": 19, "alert_count": 19, "abnormal_count": 19, "normal_count": 0, "timestamp": 1765333331209, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49258, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49260, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49248, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49247, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49245, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49262, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 49256, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49252, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49255, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49259, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49254, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49261, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49244, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49250, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49246, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49257, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49249, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49251, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49253, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 19, "2_sum": 19, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:22:11.375] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 19|max_alert: 1000 [2025-12-10 10:22:11.375] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:11.375] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. 
[2025-12-10 10:22:11.375] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:14.367] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24672 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c940ff1738b5fc0e22bbcea07da36432e7514248f432c9d7e9f4fcf8e8a5dad5&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022213Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:14.367] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:14.367] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:14.368] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:14.368] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:14.368] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:14.368] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:14.524] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai5ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50482.1726050776.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333334368, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", 
"protocol": 6, "src_port": 50482, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.45310155500515314, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:14.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:14.524] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:14.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:14.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:17.519] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25784 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=42f8b6cf55134ce45bdc0a981fd871339474640a5cc89db9b2407f8582ec0566&X-Amz-Date=20251210T022217Z"} [2025-12-10 10:22:17.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:17.519] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:17.519] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:17.519] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:17.519] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:17.519] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:17.719] 
[DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.1726623640.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333337520, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50370, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9775966523603508, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:17.719] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:17.719] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:17.719] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:17.719] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:20.670] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25442 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=83184d2566978cc43e056a43aadfd4932ffbe7605ec5237bf2b20894bf53e00e&X-Amz-Date=20251210T022220Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:22:20.670] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:20.670] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:20.670] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:20.670] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:20.670] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:20.671] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:20.865] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai2ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50370.1726623640.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333340671, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50370, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9775966523603508, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:20.865] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:20.865] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:20.865] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:20.865] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:23.836] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24673 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=f8e5ea6ee90b698b687c401dc692f2b7c5c56f82738b8a7f5f22c0ff63a6c67f&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022223Z"} [2025-12-10 10:22:23.836] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:23.836] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:23.836] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:23.836] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:23.836] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:23.837] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:24.033] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.1726052669.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333343837, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50566, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6385751642051006, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:24.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:24.033] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:24.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:24.033] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:26.993] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25785 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022226Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cfadc19967d9a3c5cb3cb7e4fc3718dd1e087a8a1a0443384126cb09cbb0b309"} [2025-12-10 10:22:26.993] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:26.993] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:26.993] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:26.993] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:26.993] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:26.994] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:27.150] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50566.1726052669.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333346994, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50566, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6385751642051006, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:27.150] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:27.150] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:27.150] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:27.150] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:30.096] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25443 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=c436c437b834924e84f42b7a1df906dd6ce437dd198d17d28b8df6a9b551f43c&X-Amz-Date=20251210T022229Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:22:30.096] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:30.096] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:30.097] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:30.097] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:30.097] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:30.097] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:30.256] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID9-httpCS4.8_win8.1_kali_jdk_domain.1726075256.jsonl|result:{"code": 1, "total_count": 11, "alert_count": 11, "abnormal_count": 11, "normal_count": 0, "timestamp": 1765333350097, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49776, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49773, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49777, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49778, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49775, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49772, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 49769, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49770, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49779, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49771, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49774, "dest_port": 8081, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:22:30.257] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-10 10:22:30.257] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:30.257] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:30.257] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:33.248] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25444 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl?X-Amz-Signature=3e2b56a065c300b8dc5d469da27774ac7fb2986107b668ae27cf0738f5beb0ba&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022232Z"} [2025-12-10 10:22:33.248] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:33.248] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:33.248] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:33.248] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:33.248] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:33.248] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:33.405] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.pcap.TCP_192-168-112-140_51129_192-168-112-142_49161.1727228273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333353248, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49161, "dest_port": 51129, "y_pred": 2, "y_pred_proba_max": 0.7683776990714972, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:22:33.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:33.405] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:33.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:33.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:36.395] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25786 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=5dc7440aaaa4ceb89b5000eb5344770517b013b9fd87b346e1e0c8ff8710b8b7&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022235Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:36.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:36.395] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:36.395] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:36.395] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:36.395] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:36.395] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:36.552] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.1726641532.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333356395, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49288, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9783858699772497, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:36.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:36.552] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:36.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:36.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:39.546] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25445 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl?X-Amz-Date=20251210T022239Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=6e28db301ff84c3db8e41a1cfa0d655dfa7dd65b7f82ff09841cf5a53b3310a3"} [2025-12-10 10:22:39.547] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:39.547] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:39.547] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:39.547] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:39.547] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:39.547] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:39.704] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49288.1726641532.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333359547, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49288, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9783858699772497, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:39.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:39.704] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:39.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:39.704] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:42.709] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25787 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=45900f438b72c37cf59b319ffd110ccb53eb8d38d2f42278b18dffac50143bd5&X-Amz-Date=20251210T022242Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:42.709] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:42.709] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:42.709] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:42.709] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:42.709] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:42.709] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:42.871] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.1726052444.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333362710, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50557, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9373910290954762, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:42.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:42.871] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:42.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:42.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:45.864] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24674 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022245Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=a038543df38e91759822c79f2200963eec67718b8730b7fa136190479ce25ef5"} [2025-12-10 10:22:45.864] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:45.864] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:45.864] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:45.864] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:45.864] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:45.864] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:46.056] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai6.pcap.TCP_192-168-88-24_50050_192-168-88-28_50557.1726052444.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333365865, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50557, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9373910290954762, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:46.056] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:46.056] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:46.056] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:46.056] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:49.013] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24675 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022248Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=06739888d34379ee5b4b4fb8d4e0938317a11733955aec138d6ffd1b233c3e7b"} [2025-12-10 10:22:49.013] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:49.013] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:49.013] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:49.013] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:49.013] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:49.014] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:49.210] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.1726640312.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333369015, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49275, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9185194083118303, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:49.210] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:49.210] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:49.210] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:49.210] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:52.157] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25446 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022251Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9c77351b90d0a15e0d9d872c34624c213dfa3aae9f38b23af29c4ff75b6bdc4e"} [2025-12-10 10:22:52.157] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:52.158] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:52.158] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:52.158] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:52.158] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:52.159] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:52.355] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49275.1726640312.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333372159, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49275, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9185194083118303, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:52.355] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:52.355] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:52.355] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:52.355] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:22:55.309] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24676 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl?X-Amz-Signature=0bac900913de8b13b57bd15f00cd8619cd2cf884d263e21b0553d1220f76fee4&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022254Z&X-Amz-Expires=604800"} [2025-12-10 10:22:55.310] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:55.310] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:55.310] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:55.310] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:55.310] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:55.310] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:55.515] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.1726641385.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333375310, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49287, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9196451214947032, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:55.515] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:55.515] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:55.515] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:55.515] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:22:58.461] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24677 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl?X-Amz-Signature=6412e4f5b95f48cb68963cb7c6be774eef80d1eeb2eff8e44369e7d88955659e&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022257Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:22:58.461] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:22:58.461] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:22:58.461] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:22:58.461] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:22:58.461] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:22:58.462] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:22:58.670] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49287.1726641385.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333378462, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49287, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9196451214947032, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:22:58.670] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:22:58.670] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:22:58.670] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:22:58.670] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:01.621] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25788 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=37e931c14c6e256161b5c11a4302fef2cd9c46ffc23abff95fac2ca18de7af99&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022301Z&X-Amz-Expires=604800"} [2025-12-10 10:23:01.621] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:01.621] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:01.622] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:01.622] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:01.622] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:01.622] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:02.038] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_domain.1726232231.jsonl|result:{"code": 1, "total_count": 80, "alert_count": 80, "abnormal_count": 80, "normal_count": 0, "timestamp": 1765333381622, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50013, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5526232311972807, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49952, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5091455549440063, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49985, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7899963916430714, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49988, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9902387015626368, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50017, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5126317805497819, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50019, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5421615983370501, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50020, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.634253548647103, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50023, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5748495527829497, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50025, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5093077470645999, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49957, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6391275377848563, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50022, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6028831533738312, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49967, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6184394933444798, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50024, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7299816814923631, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, 
"src_port": 50031, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6257465530286616, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49987, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7439166702994939, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49999, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5514991554710011, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50008, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5334381985888891, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49991, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6810683210938557, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50015, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6900970307293702, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49968, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6629888180424506, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49974, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.7995098274011299, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49954, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6050377157364358, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50026, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6083669672342925, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49996, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9878122062996755, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49961, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6564067243467433, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50030, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5303612185224401, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50009, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6144328092860509, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50029, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6725985852957731, "2_count": 80, 
"2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49958, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6363029979065304, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49982, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7544703228860329, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49975, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6070117865114136, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49960, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7262220376531319, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49959, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6953602965575458, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50002, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8206839068554096, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49962, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6147130260899828, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49978, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8772553231692971, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50004, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7066473226866763, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49969, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6784933953486849, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50006, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6413859888941502, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50033, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9919519309011668, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49984, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9933055255614424, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50005, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7641371717396375, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49956, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7344888959447603, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50000, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7378891602627088, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49977, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6970618249174817, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50010, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.533498144812679, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50014, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5777948650150248, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50021, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7636279928629104, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50028, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5262059467082773, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, 
"src_port": 49994, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6011464815712649, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49997, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7595764567170391, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50018, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5110580933442652, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50016, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5973408752956876, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50012, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8590516028663469, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49979, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5763897777191251, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49993, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6141013357476438, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49964, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.6066803816067922, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49990, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7119592523807355, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49981, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.59164166555831, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49973, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.511021878025611, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49983, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5488108360844786, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50003, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5846644029436604, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49992, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9827369941385252, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49965, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6531620012287473, "2_count": 80, "2_sum": 
80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49976, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6060498259280919, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49980, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6127460862510891, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50032, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6387267754455331, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50007, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5459255778297224, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50027, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6740535908658616, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49995, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7774524223939101, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49989, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7111372270866854, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49998, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.523571007562238, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50001, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5459330375956434, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49972, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5524498089566189, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49986, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7301013257121356, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49971, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5980179024082813, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49966, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6222665733341329, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49963, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5992755118696106, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49970, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5357779074294211, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 50011, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7431681293642223, "2_count": 80, "2_sum": 80, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:23:02.038] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 80|max_alert: 1000 [2025-12-10 10:23:02.038] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:02.038] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:02.038] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:04.776] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24678 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl?X-Amz-Date=20251210T022304Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=b774a9f3736d43f7d4bb80a3d1a21b56e496bc2a654f8eed2d45fbcb445fbb0c"} [2025-12-10 10:23:04.776] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:04.776] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:04.776] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:04.776] [INFO] 
[tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:04.776] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:04.777] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:05.116] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_domain.1727159624.jsonl|result:{"code": 1, "total_count": 51, "alert_count": 51, "abnormal_count": 51, "normal_count": 0, "timestamp": 1765333384777, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50493, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7927906307368934, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50486, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8854999027550163, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50481, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6620730752219484, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50445, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9967850187757732, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50482, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7632523561242499, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50460, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9337957409302919, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50454, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9237116769276617, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50455, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8178259229147375, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50449, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6400137191298733, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50464, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9927556625666566, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50496, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9188679536963599, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50459, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9417957198933872, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 50463, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7212493263319284, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50468, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8018646925426739, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50461, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8766804159278622, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50458, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9351269276217935, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50451, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8274199630783736, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50483, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5945419797780971, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50473, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8748114553943344, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50488, "dest_port": 
9443, "y_pred": 1, "y_pred_proba_max": 0.8096350199225714, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50489, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7730757449807033, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50480, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8768360047823152, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50457, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8881844764676449, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50446, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6207118035310338, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50465, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9918610516124646, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50456, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6550124542186542, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50462, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8739267281198654, 
"2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50448, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8561333002701108, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50466, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9385947596844778, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50472, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9501198340432971, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50474, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.774733297741169, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50484, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.777173441974523, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50490, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9083148784560441, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50492, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9985325956810535, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50475, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5976508091250565, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50447, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9948477535374655, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50476, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9444439587238346, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50485, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8079560299283343, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50487, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.6872012369079102, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50470, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9778479528954627, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50477, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8894632108572206, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50471, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8753867325600264, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50453, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9465658811252624, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50491, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9055755776829566, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50478, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8867138406207913, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50450, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9966468616913028, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50479, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8608551881795766, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50495, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9438502507410287, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 50452, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9622542297552491, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50467, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7115084736428052, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50469, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9630902025436278, "2_count": 51, "2_sum": 51, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:05.116] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 51|max_alert: 1000 [2025-12-10 10:23:05.116] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:05.116] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:05.116] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:07.931] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25789 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=784b7f35ba791b55f7aceda608144297130da00556a784a28f6941011fa56d53&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022307Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:23:07.931] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:07.931] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:07.931] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:07.931] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:07.931] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:07.931] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:08.142] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.1726052591.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333387931, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50563, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9928590794685879, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:08.142] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:08.142] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:08.142] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:08.143] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:11.086] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25790 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ed93124a79fdf6787c6c6a51f834cfac8118aba1cdf54f79de3b82d1d02305b1&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022310Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:23:11.086] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:11.086] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:11.086] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:11.086] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:11.086] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:11.086] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:11.287] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_domain_mogai4.pcap.TCP_192-168-88-24_50050_192-168-88-28_50563.1726052591.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333391086, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50563, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9928590794685879, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:11.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:11.287] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:11.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:11.287] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:14.237] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25447 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=34c0fb84ce6af8eddf1c5a7f259754b1c0f9aeba88ce387a50e1dc91b8bcfc37&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022313Z"} [2025-12-10 10:23:14.237] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:14.237] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:14.238] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:14.238] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:14.238] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:14.239] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:14.406] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.1726049250.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333394239, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50415, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9566455107415062, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 
10:23:14.406] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:14.406] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:14.406] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:14.406] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:17.411] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25791 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022316Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=5339a2c69ed82273c146d974158dfbb6098fc76bcd31e006f65718c9ac6ea8cd"} [2025-12-10 10:23:17.411] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:17.411] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:17.411] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:17.411] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:17.411] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:17.411] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:17.602] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai1ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50415.1726049250.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333397412, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50415, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9566455107415062, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:17.602] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:17.602] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:17.602] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:17.602] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:20.515] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25792 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl?X-Amz-Signature=632a2339f29306dd8c160d29269fab8a4a6e455eccd9489285114db85720819d&X-Amz-Date=20251210T022320Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:23:20.515] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:20.515] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:20.515] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:20.515] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:20.515] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:20.515] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:20.688] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID13-httpCS4.8_win8_kali_jdk_IP.1726075620.jsonl|result:{"code": 1, "total_count": 26, "alert_count": 26, "abnormal_count": 26, "normal_count": 0, "timestamp": 1765333400515, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49630, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49622, "dest_port": 
8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49642, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49639, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49632, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49644, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49625, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49629, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49623, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49631, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49643, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49635, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49636, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49637, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49620, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49626, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49627, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49633, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49624, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49628, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49638, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49641, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "138.113.153.218", "protocol": 6, "src_port": 49621, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49634, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49645, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.44", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49640, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 24, "2_sum": 24, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:23:20.688] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 26|max_alert: 1000 [2025-12-10 10:23:20.688] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:20.688] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:20.688] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:23.671] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24679 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl?X-Amz-Signature=d60e5d921a8c4b0eb3e498a9df1928ef573a838ad9c854444cb173c3e2bbd1d5&X-Amz-Date=20251210T022323Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:23:23.671] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:23.671] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:23.671] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:23.671] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:23.671] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:23.671] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:23.895] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.1726049197.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333403671, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50412, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.961244287689948, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 
10:23:23.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:23.896] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:23.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:23.896] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:26.811] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25793 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022326Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=5a7fedd980527aefac1c1b1b823aa22b1ef1343e976c2898a71a3b44ae8f23ab"} [2025-12-10 10:23:26.811] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:26.811] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:26.811] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:26.811] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:26.811] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:26.812] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:27.010] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50412.1726049197.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333406812, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50412, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.961244287689948, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:27.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:27.010] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:27.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:27.010] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:29.954] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25448 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=d18ff4fca58c578721a15942060130921dec570a373b23c79f5e5f7e67b0d4c1&X-Amz-Date=20251210T022329Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:23:29.954] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:29.954] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:29.954] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:29.954] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:29.954] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:29.955] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:30.155] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.1726640247.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333409956, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49274, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9475923862428122, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:30.155] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:30.155] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:30.155] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:30.155] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:33.095] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25794 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl?X-Amz-Date=20251210T022332Z&X-Amz-Signature=e9c4ef0f10d8dff56e9145ee5574e136a9d94b6c459e38f9e0516f45fcf803e6&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:23:33.095] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:33.095] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:33.095] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:33.095] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:33.095] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:33.096] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:33.301] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai3zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49274.1726640247.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333413096, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49274, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9475923862428122, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:33.301] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:33.301] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:33.301] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:33.301] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:36.254] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24680 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl?X-Amz-Date=20251210T022335Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=fbf934d7eb415b3066d1b54aa71cf1d7a9ef1f74cbfc638c084703e130a7cc12&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:23:36.254] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:36.254] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:36.254] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:36.254] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:36.254] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:36.254] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:36.640] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID38-tls1.2CS4.8_windowsserver2008R2_kali_openjdk_IP.1726229695.jsonl|result:{"code": 1, "total_count": 76, "alert_count": 76, "abnormal_count": 76, "normal_count": 0, "timestamp": 1765333416254, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49231, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5536283905221424, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.39", "protocol": 6, "src_port": 49256, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6281403581540339, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49172, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5353306400865453, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49202, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5811762708080267, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49184, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6031550006145634, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49227, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7122963155841672, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49205, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7463630278584541, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49243, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6582920260542253, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49196, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7766822355730967, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49223, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.543049427720714, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49233, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8084731439855268, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49244, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5814739130967891, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49178, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6395542261025086, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49180, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5474971418071267, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49257, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5208920563208368, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49262, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.5589559011649154, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49230, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9937176910462588, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49259, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5080873430339278, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49198, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6916111843982602, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49188, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.791836937323343, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49214, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5261868710854988, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49265, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9931520009043627, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49263, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6080650501264456, "2_count": 76, "2_sum": 76, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49252, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5822834392028516, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49224, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6698283090647289, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49176, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5491783414771263, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49248, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.618043122757581, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49254, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6580376481514761, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49251, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.647303010716762, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49260, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5457526343032756, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49240, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5340017481482312, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49242, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5812314610471208, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49212, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6300536494243009, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49235, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6520458829158031, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49264, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7578437493255555, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49237, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7317551676640563, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49226, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.502240092652947, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.39", "protocol": 6, "src_port": 49194, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7950940516709619, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49208, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5154196129810762, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49216, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6209284583836192, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49253, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6599500244845031, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49204, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6543283184875964, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49192, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6832329150933986, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49217, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9948242293681544, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49182, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6734925930710424, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49174, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6248472244401541, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49246, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5056733612666298, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49258, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5979215075013885, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49241, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5200177337823262, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49219, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7598957667591607, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49238, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6308904933455395, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49255, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.6088901244312445, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49215, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5140786453261911, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49228, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7250207761626102, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49211, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9923675172895208, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49200, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5217023381459583, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49190, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7229230726284015, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49225, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9943734437108162, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49232, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7939669149758993, "2_count": 76, "2_sum": 76, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49186, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6267671997196244, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49234, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5006858783819141, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49261, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7118598027618485, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49209, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6886356147053031, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49222, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6442998904092805, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49218, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5908848484829133, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49206, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7516297304786235, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49236, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7227390099663921, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49229, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.613742207880986, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49239, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7075482074673664, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49247, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8401069702409798, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49220, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7318273903580081, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49221, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8658658540985611, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49249, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6529116374717252, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", 
"dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49250, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5775056590314713, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49245, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7280543207592937, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.39", "protocol": 6, "src_port": 49170, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6599810656449128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:23:36.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 76|max_alert: 1000 [2025-12-10 10:23:36.641] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:36.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:36.641] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:39.397] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24681 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl?X-Amz-Signature=867bfa2a38af63676bae9048a1243f3420bb271a0a5d933659e49bc68b8525a6&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022338Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:23:39.397] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:39.397] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:39.397] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:39.397] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:39.397] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:39.398] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:39.596] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.1726641246.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333419398, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49286, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.39051859700336666, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:23:39.596] 
[INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:39.596] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:39.596] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:39.596] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:42.545] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24682 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022342Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3592b7946b107b992d1732218676c01d027c7304d72b99413092ccdf1e3b756d"} [2025-12-10 10:23:42.545] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:42.545] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:42.545] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:42.545] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:42.545] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:42.546] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:42.737] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49286.1726641246.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333422546, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49286, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.39051859700336666, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:23:42.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:42.737] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:42.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:42.737] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:45.693] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24683 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=34dc84ca8335c3731977eea5b9b4edb3cf972b71ef518432bd3107e04dc4d0b5&X-Amz-Date=20251210T022345Z"} [2025-12-10 10:23:45.693] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:45.693] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:45.694] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:45.694] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:45.694] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:45.694] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:45.891] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.1726046709.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333425694, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50353, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9896802619072912, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:45.891] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:45.891] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:45.891] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:45.891] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:48.849] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25449 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl?X-Amz-Signature=9854a159f75db8bbc459de630fadd03d0bab7a52181d074e82dd48ec97aedba2&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022348Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:23:48.849] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:48.849] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:48.849] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:48.849] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:48.849] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:48.850] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:49.050] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_domain_mogai.pcap.TCP_192-168-88-22_50050_192-168-88-28_50353.1726046709.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333428850, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50353, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9896802619072912, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:49.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:49.050] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:49.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:49.050] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:51.993] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25450 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=3da73b111b03eec294c0c01b0a60da42d785ab57852b950174ed184f8bd1a853&X-Amz-Date=20251210T022351Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:23:51.993] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:51.993] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:51.993] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:51.993] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:51.993] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:51.994] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:52.224] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.1726640164.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333431994, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49273, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9246137845292827, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:52.224] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:52.224] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:52.224] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:52.224] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:23:55.135] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25795 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=17c3e76f628486b42195a4386e663e04f78e2cd133c2d43a041dfa57fb12e3d7&X-Amz-Date=20251210T022354Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:23:55.135] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:55.136] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:55.136] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:55.136] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:55.136] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:55.137] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:55.338] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai2zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49273.1726640164.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333435137, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49273, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9246137845292827, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:55.338] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:55.338] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:55.338] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:55.338] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:23:58.275] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25796 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl?X-Amz-Date=20251210T022357Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=11e639f0a56facc3e386a55faae8b714a95d17ffc79441e241156a56ff0f1541&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:23:58.275] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:23:58.275] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:23:58.275] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:23:58.276] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:23:58.276] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:23:58.276] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:23:58.472] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.1726052381.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333438276, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50554, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6960203398639496, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:23:58.472] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:23:58.472] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:23:58.472] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:23:58.472] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:01.407] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25451 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7a11dc0d8f8792f4d9f4981644041b458ef96bdb278c892f8693f7ad7a0ec0e0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022400Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:24:01.407] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:01.407] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:01.407] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:01.407] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:01.408] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:01.409] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:01.609] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai5.pcap.TCP_192-168-88-24_50050_192-168-88-28_50554.1726052381.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333441409, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50554, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6960203398639496, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:01.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:01.609] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:01.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:01.609] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:04.598] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24684 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022404Z&X-Amz-Signature=7878d6200cf1d1b57bbd6fb94574f8e8a567d54e28d63e589ea4413d7c4680a0"} [2025-12-10 10:24:04.598] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:04.598] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:04.598] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:04.598] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:04.598] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:04.599] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:04.823] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.1726817457.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 11, "abnormal_count": 11, "normal_count": 1, "timestamp": 1765333444599, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51910, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9176733408604053, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, 
"src_port": 51911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9902476607497825, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51908, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9837638142753491, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51898, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5531385391749607, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51904, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9077258172569825, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51902, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9931240746423159, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51913, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7804626368341007, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51914, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5219725503828033, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51905, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5694710971835998, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51907, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7498671072453136, "2_count": 10, "2_sum": 11, "2_ratio": 0.9090909090909091, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51901, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1.0, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:24:04.823] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 11|max_alert: 1000 [2025-12-10 10:24:04.823] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:04.823] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:04.823] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:07.736] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25452 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022407Z&X-Amz-Signature=b33c4a9279fee3edb6241788071d70854d4d45d7fa978bd39c5cc2c7c2023990&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:24:07.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:07.736] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:07.736] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:07.736] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:07.736] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:07.737] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:07.933] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49272.1726640074.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333447737, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49272, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9591897032018184, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:07.933] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:07.933] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:07.933] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:07.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:10.882] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25453 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=fd5ad80839282f84161fbb198e4722f89a85855197971786c2ee3614820884a3&X-Amz-Date=20251210T022410Z"} [2025-12-10 10:24:10.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:10.883] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:10.883] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:10.883] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:10.883] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:10.883] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:11.082] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.1726052090.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333450884, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50540, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6840838352748652, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:11.082] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:11.082] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:11.082] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:11.082] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:14.025] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25454 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl?X-Amz-Date=20251210T022413Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=1940dd501f5671a56b19a3490aa63daa6de3e05c9da59cae476eb00105bc0424"} [2025-12-10 10:24:14.025] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:14.025] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:14.025] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:14.025] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:14.026] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:14.026] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:14.241] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50540.1726052090.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333454026, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50540, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.6840838352748652, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:14.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:14.241] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:14.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:14.241] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:17.172] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25455 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=2e5469508fa19f2f69e4337952730532e5ac6f1333831a86948971b3cc9f49ea&X-Amz-Date=20251210T022416Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:24:17.172] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:17.172] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:17.172] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:17.172] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:17.172] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:17.172] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:17.380] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.1726641177.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333457172, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49285, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.7612787564487756, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:17.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:17.380] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:17.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:17.380] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:20.312] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24685 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl?X-Amz-Signature=4957644aaa349c128832acacde355d492a01a62b28a1159bea30b03d484a87a8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022419Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:24:20.312] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:20.312] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:20.312] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:20.312] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:20.312] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:20.313] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:20.524] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP_mogai1zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49285.1726641177.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333460313, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49285, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.7612787564487756, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:20.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:20.524] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:20.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:20.524] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:23.455] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25456 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl?X-Amz-Signature=cfdf2b29a7286a43a4c177c2733c2d2ba83d681937271dea316c3d8c3c68c431&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022423Z"} [2025-12-10 10:24:23.455] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:23.455] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:23.455] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:23.455] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:23.455] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:23.456] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:23.676] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.1726052039.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333463456, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50537, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9699129544390623, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:23.676] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:23.676] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:23.676] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:23.676] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:26.598] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25457 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022426Z&X-Amz-SignedHeaders=host&X-Amz-Signature=116c1c59d421682fd041ac95171768d73647d70373e511065621ca6a5623bb50"} [2025-12-10 10:24:26.598] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:26.598] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:26.598] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:26.598] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:26.598] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:26.599] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:26.806] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50537.1726052039.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333466599, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50537, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9699129544390623, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:26.806] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:26.806] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:26.806] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:26.806] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:29.743] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25458 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl?X-Amz-Date=20251210T022429Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=9da9519424a9da6599db42af2fa22305011bfafacb513a3e932fffd38df11a6a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:24:29.743] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:29.743] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:29.743] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:29.743] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:29.743] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:29.743] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:30.010] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.1726051773.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333469744, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50524, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9733924598757913, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:30.011] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:30.011] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:30.011] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:30.011] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:32.890] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24686 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022432Z&X-Amz-Expires=604800&X-Amz-Signature=a6a6f46a07f7f6e2b5899d0ff5568e0f361f0836d5bd2a4201b73c0272c4bb95"} [2025-12-10 10:24:32.890] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:32.890] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:32.890] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:32.890] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:32.890] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:32.890] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:33.100] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50524.1726051773.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333472890, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50524, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.9733924598757913, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:33.100] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:33.100] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:33.100] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:33.100] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:36.027] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25797 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022435Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=609874664c6c6da3de18ca3ef43d91a1ac003d0ffe14ab692a3eaf084fe68c75"} [2025-12-10 10:24:36.027] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:36.027] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:36.027] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:36.027] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:36.027] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:36.027] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:36.263] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.1726051978.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333476027, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50534, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 0.7254783096687621, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:24:36.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:36.263] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:36.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:36.263] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:39.164] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25459 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl?X-Amz-Signature=f52d89e9da14445120842ad3e932730425d095fda4dd3602df7649a205f2337f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022438Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:24:39.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:39.164] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:39.165] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:39.165] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:39.165] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:39.165] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:39.320] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP_mogai1ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50534.1726051978.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333479165, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50534, "dest_port": 50050, "y_pred": 2, "y_pred_proba_max": 
0.7254783096687621, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:24:39.320] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:39.320] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:39.320] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:39.320] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:42.290] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25798 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T022441Z&X-Amz-Signature=c9fe26b71764dbda843d6215459d1bb587614f07ef15f0e3e2f3c6f52cde28d3&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:24:42.290] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:42.290] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:42.290] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:42.290] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:42.290] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:42.291] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:42.448] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.1726040470.jsonl|result:{"code": 1, "total_count": 2, "alert_count": 2, "abnormal_count": 2, "normal_count": 0, "timestamp": 1765333482291, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49217, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49218, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8294811496311496, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:42.448] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 2|max_alert: 1000 [2025-12-10 10:24:42.448] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:42.448] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:42.448] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:45.428] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24687 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022444Z&X-Amz-Expires=604800&X-Amz-Signature=53fff427b2f128f9e27b551bea33af3658aa8e9cb7cbf0eb07207419e9cc1e92&X-Amz-SignedHeaders=host"} [2025-12-10 10:24:45.428] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:45.428] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:45.428] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:45.428] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:45.428] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:45.429] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:45.586] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.1726623784.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333485429, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50371, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9070247238720954, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:45.586] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:45.586] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:45.586] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:45.586] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:48.570] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25799 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=5bd0c83f13c43f857db202d6fbe871f2dd781e04a158270cf2e8d22e44d63a67&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022448Z"} [2025-12-10 10:24:48.570] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:48.570] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:48.571] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:48.571] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:48.571] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:48.571] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:48.732] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP_mogai3ywlkhflow_1ywrkh.pcap.TCP_192-168-88-22_50050_192-168-88-28_50371.1726623784.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333488571, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50371, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9070247238720954, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:48.732] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:48.732] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:48.732] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:48.732] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:51.708] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24688 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=cecd5cbceed3889a5ef56cce2411e3128219c4a60738c430e6cbf6cab0fd2aae&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022451Z"} [2025-12-10 10:24:51.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:51.708] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:51.708] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:51.708] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:51.708] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:51.708] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:51.916] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49218.1726040473.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333491708, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49218, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8294811496311496, 
"2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:51.916] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:51.916] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:51.916] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:51.916] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:24:54.847] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24689 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl?X-Amz-Signature=4f1a3406a9d477fbbfcf1f6da71e7f002000d96e996df1cc6c9cab8b3541860b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022454Z"} [2025-12-10 10:24:54.847] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:54.847] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:54.847] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:54.847] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:54.847] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:54.848] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:55.097] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.1726046306.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333494848, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50347, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9947393348326229, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:55.097] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:55.097] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:55.097] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:55.097] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:24:57.974] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24690 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl?X-Amz-Date=20251210T022457Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ad2595875f602670a70fc376862239bf6c3d858337b193d92c2a0ea286308629&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:24:57.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:24:57.975] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:24:57.975] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:24:57.975] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:24:57.975] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:24:57.976] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:24:58.175] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID6-tls1.3CS4.8_win10_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50347.1726046306.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333497976, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50347, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9947393348326229, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:24:58.175] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:24:58.175] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:24:58.175] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:24:58.175] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:01.115] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25460 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022500Z&X-Amz-Signature=4075a6f38e00bbff501887d9f64fd9731608c00c1cae63802fb6540807c0debb"} [2025-12-10 10:25:01.116] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:01.116] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:01.116] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:01.116] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:01.116] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:01.117] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:01.313] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.1726046026.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, 
"abnormal_count": 1, "normal_count": 0, "timestamp": 1765333501117, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50340, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9916423812796076, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:01.313] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:01.313] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:01.313] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:01.313] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:04.255] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25800 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl?X-Amz-Date=20251210T022503Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=91ad669e220b576d2ceef2ed996af3e078b573f86b6d59193df861ff9250d446&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:25:04.255] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:04.255] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:04.255] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:04.255] [INFO] [tid:134145839584960] 
(AiModule.cpp:140) get function load [2025-12-10 10:25:04.255] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:04.256] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:04.449] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID5-tls1.3CS4.8_win10_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-28_50340.1726046026.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333504256, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 50340, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9916423812796076, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:04.449] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:04.449] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:04.449] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:04.449] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:25:07.388] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24691 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022506Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=6cd37abeed55037f83beffbb35831e1fa5998ebef6d35deedf1db3d780207e46&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:25:07.388] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:07.388] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:07.388] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:07.388] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:07.388] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:07.389] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:07.591] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.1726025194.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333507389, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50225, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9222684440106839, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:07.591] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:07.591] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:07.591] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:07.591] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:10.521] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24692 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022510Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8b3b0c361bddc7a1ff12b962116c4f813f1a178eeef103d73aaa22813b262a73&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:25:10.522] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:10.522] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:10.522] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:10.522] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:10.522] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:10.522] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:10.723] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.1726022173.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333510522, "module": "anquanchu", "proto": "other", 
"alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49948, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8549831812491122, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:10.723] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:10.723] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:10.723] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:10.723] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:13.660] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25461 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=be7e8ee614b9b6c973ca1c7f0b0991705bb4e8216c4c8c1281247615f4abc30a&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022513Z"} [2025-12-10 10:25:13.660] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:13.660] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:13.660] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:13.660] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:13.660] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare 
args for function load [2025-12-10 10:25:13.661] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:13.863] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49948.1726022173.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333513661, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49948, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8549831812491122, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:13.863] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:13.863] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:13.863] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:13.863] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:25:16.792] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25462 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl?X-Amz-Date=20251210T022516Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=290b810fe2a40b58b2b85d444e68d2325489153d7df369768b0a54b7ff75f07b"} [2025-12-10 10:25:16.792] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:16.792] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:16.792] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:16.792] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:16.792] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:16.793] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:16.990] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdg_domain_mogai.pcap.TCP_192-168-88-24_50050_192-168-88-28_50225.1726025194.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333516793, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50225, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9222684440106839, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:16.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:16.990] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:16.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:16.990] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:19.925] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25801 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b203308644ea649af340b3c1654bc1495ac4da2ebc31810e17851180229b89d0&X-Amz-Date=20251210T022519Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:25:19.926] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:19.926] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:19.926] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:19.926] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:19.926] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:19.927] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:20.126] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.1726017084.jsonl|result:{"code": 
1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333519927, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49721, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9971262161600466, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:20.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:20.126] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:20.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:20.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:23.049] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25802 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl?X-Amz-Expires=604800&X-Amz-Signature=e29354617d70a6c792410fa6323a97135c723814147be3d6b57ee97b398bdddb&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022522Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:25:23.049] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:23.049] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:23.050] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 
10:25:23.050] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:23.050] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:23.050] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:23.247] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID8-tls1.3CS4.8_win10_ubuntu_openjdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-28_49721.1726017084.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333523050, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49721, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9971262161600466, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:23.247] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:23.247] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:23.247] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:23.247] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:25:26.185] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25803 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=030e8bea9d1b4ae7fb20b1903093ea8cb7f9150dea237fb909372858d0f2bf66&X-Amz-Expires=604800&X-Amz-Date=20251210T022525Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:25:26.185] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:26.185] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:26.185] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:26.185] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:26.185] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:26.185] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:26.384] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_ls.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042424.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333526186, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42299, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9998783659205461, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:25:26.384] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:26.384] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:26.384] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:26.384] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:29.291] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25463 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl?X-Amz-Date=20251210T022528Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1aa8718dcd2fae931fc7b8c52f5c355fdea17d1b7efd1c5e891d1fa213d4a437"} [2025-12-10 10:25:29.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:29.292] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:29.292] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:29.292] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:29.292] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:29.292] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:29.487] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726284531.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765333529292, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:25:29.487] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:25:29.487] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:32.394] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25804 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl?X-Amz-Date=20251210T022531Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=8fafdee7f8186d23741f2bcdbbbc5a7560f695b23509e8cbe34ef95273052a19&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:25:32.394] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:32.394] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:32.395] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:32.395] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:32.395] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:32.395] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:32.593] [DEBUG] 
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192027.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333532395, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11237, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:25:32.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:32.593] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:32.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:32.593] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:25:35.497] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25464 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl?X-Amz-Signature=ec97788fe8a13da0055b6ebf508a93bd3033e0f96378e50f27695c6002ae0a75&X-Amz-Date=20251210T022535Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:25:35.497] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:35.497] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:35.497] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:35.497] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:35.497] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:35.497] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:35.698] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_ls.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192280.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333535497, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11657, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:25:35.698] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:35.698] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:35.698] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:35.698] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:38.627] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25805 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022538Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=92aa6fd3dc1b5db1acbb208ce76afb5d31e1115c502ac56f5c1d28ff7c2cc495&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:25:38.628] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:38.628] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:38.628] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:38.628] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:38.628] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:38.628] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:38.918] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_IP.1728732968.jsonl|result:{"code": 1, "total_count": 21, "alert_count": 21, 
"abnormal_count": 21, "normal_count": 0, "timestamp": 1765333538628, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34638, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.6722498495119673, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34650, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8532664235072036, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34644, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8395605167848867, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34654, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9251629686549672, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34660, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8666270235893071, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34664, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7038524472810676, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34648, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8370680711525115, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34634, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9258061248200679, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34626, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34628, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9247171474546967, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34646, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8176869850903552, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34652, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8961666808333515, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34630, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8303215382222833, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34642, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.5229898646686305, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34636, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9516510162293647, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34662, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9028181579683376, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34640, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9279416400991565, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34666, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7604523869147367, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34632, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7965322466870355, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34656, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.5374613360321774, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 34658, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8159447130760255, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:25:38.918] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 21|max_alert: 1000 [2025-12-10 10:25:38.918] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:38.918] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:38.918] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:41.758] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25465 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022541Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=0858dc6e854c1219c3143cd5f9fb7a4f4138e71fd2a4e137152b9514912de7de"} [2025-12-10 10:25:41.759] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:41.759] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:41.759] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:41.759] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:41.759] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:41.759] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:42.026] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_IP.1728727779.jsonl|result:{"code": 1, "total_count": 21, "alert_count": 21, "abnormal_count": 21, "normal_count": 0, "timestamp": 1765333541759, "module": "anquanchu", 
"proto": "other", "alerted": true, "details": [{"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56970, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7892020374077917, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56966, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56974, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8601418301393289, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56996, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8940617073469203, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56984, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9215855685296445, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56976, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.807230253223138, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57000, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7279398736975623, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", 
"dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56998, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8158632337124991, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56978, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7391702047982551, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56992, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9337806053561917, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57002, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8036534034208659, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57006, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9448282038520124, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56990, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.931011531499548, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56980, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8896217920932599, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56972, "dest_port": 
7777, "y_pred": 1, "y_pred_proba_max": 0.9414524592755901, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56986, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.910552477639477, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56968, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9351139426732936, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56988, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6881596242760177, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56994, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9379251112483292, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57004, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8027336993840472, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 56982, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6160180228889229, "2_count": 21, "2_sum": 21, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:25:42.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 21|max_alert: 1000 [2025-12-10 10:25:42.026] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:42.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:42.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:44.895] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25806 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022544Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=4d5a260d9a4a9603a588ad2d837690b82850e7e7cc6722ad46c31e89b3184ee1"} [2025-12-10 10:25:44.895] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:44.895] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:44.895] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:44.895] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:44.895] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:44.896] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:45.055] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_20222_192-168-52-129_443.1725954694.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333544896, 
"module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 20222, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999022559579159, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:25:45.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:45.055] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:45.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:45.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:47.997] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25466 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl?X-Amz-Signature=d1ac6a2ff073b122721a0d721a1343d16377bead05c6ec0644fbed49b716ea33&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022547Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:25:47.997] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:47.997] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:47.997] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:47.997] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:47.997] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:47.998] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:48.152] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_ls.pcap.TCP_192-168-52-1_11237_192-168-52-129_80.1726192068.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765333547998, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:25:48.152] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:25:48.152] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:51.100] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24693 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl?X-Amz-Expires=604800&X-Amz-Signature=30438461edf77a6cc57054999f35fa941304ef690ac48e2277e19a50f2eef902&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022550Z"} [2025-12-10 10:25:51.101] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:51.101] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:51.101] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:51.101] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load 
[2025-12-10 10:25:51.101] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:51.101] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:51.306] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_http_cat.pcap.TCP_192-168-52-1_11333_192-168-52-129_80.1726192105.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333551101, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11333, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:25:51.306] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:25:51.306] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:51.306] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:51.306] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:25:54.231] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25807 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl?X-Amz-Date=20251210T022553Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e4a60529115868364e364774f2cfa822740abbba1542cc8355b32d26e29b96fd"} [2025-12-10 10:25:54.231] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:54.231] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:54.231] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:54.231] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:54.231] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:54.231] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:54.440] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.1726039121.jsonl|result:{"code": 1, "total_count": 2, "alert_count": 2, "abnormal_count": 2, "normal_count": 0, "timestamp": 1765333554232, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49204, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49205, 
"dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.7917849186026443, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:25:54.440] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 2|max_alert: 1000 [2025-12-10 10:25:54.440] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:54.440] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:54.440] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:25:57.426] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25808 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022556Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d6181234bd1a4265948a515b1b1331e7a91654ecc9b384edf128b8a1a525ae7c&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:25:57.426] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:25:57.426] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:25:57.426] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:25:57.426] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:25:57.426] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:25:57.427] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:25:57.659] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.1726814632.jsonl|result:{"code": 1, "total_count": 12, "alert_count": 12, "abnormal_count": 12, "normal_count": 0, "timestamp": 1765333557427, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51814, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.6439827887800125, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51813, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9169213898566784, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51802, "dest_port": 446, "y_pred": 2, "y_pred_proba_max": 0.886097405910754, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51817, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9905808671595859, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51810, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8549264185255389, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51808, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8541901061252963, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51800, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9255906624646884, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.137", "protocol": 6, "src_port": 51804, "dest_port": 22, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51805, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.7787013078659158, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51807, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.8944676465086725, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51816, "dest_port": 446, "y_pred": 3, "y_pred_proba_max": 0.7784450465277769, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51811, "dest_port": 446, "y_pred": 1, "y_pred_proba_max": 0.9902186269105376, "2_count": 11, "2_sum": 11, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:25:57.659] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 12|max_alert: 1000 [2025-12-10 10:25:57.659] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:25:57.659] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 
根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:25:57.659] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:00.560] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24694 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=499a1aa976a999e7c8a485e0e6980a757f463aece619494d5212ac038fa737f1&X-Amz-Date=20251210T022600Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:26:00.560] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:00.560] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:00.561] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:00.561] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:00.561] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:00.561] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:00.769] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID19-tls1.3CS4.8_win7_ubuntu_jdk_IP.pcap.TCP_192-168-88-24_50050_192-168-88-30_49205.1726039128.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333560561, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49205, "dest_port": 
50050, "y_pred": 3, "y_pred_proba_max": 0.7917849186026443, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:26:00.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:00.769] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:00.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:00.769] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:03.689] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25467 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=eebc532c2c3b2d028506272d0db277de688aab9a9f35b1b31fde096cf769f8e5&X-Amz-Date=20251210T022603Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:26:03.689] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:03.689] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:03.689] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:03.689] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:03.689] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:03.690] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
10:26:03.897] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_https_whoami.pcap.TCP_192-168-52-1_23792_192-168-52-129_443.1725956188.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333563690, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 23792, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999910791295988, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:26:03.897] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:03.897] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:03.897] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:03.897] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:26:06.792] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25468 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=dcb87cacd40f384109a68b49aec7fec6c64227e8ffa0639eee62a41285c1d495&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022606Z"} [2025-12-10 10:26:06.792] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:06.792] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:06.792] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:06.792] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:06.792] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:06.793] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:06.992] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_whoami.pcap.TCP_192-168-52-1_11500_192-168-52-129_80.1726192241.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333566793, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11500, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:26:06.992] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:06.992] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:06.992] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:06.992] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:09.923] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25809 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl?X-Amz-Signature=1f1de395d9c2b3bd9d48754c4695ab82580fb7755a18a5e8e772878e8a83e18d&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022609Z&X-Amz-Expires=604800"} [2025-12-10 10:26:09.923] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:09.923] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:09.923] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:09.923] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:09.923] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:09.923] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:10.128] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_whoami.pcap.TCP_192-168-52-1_42110_192-168-52-129_443.1726042297.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333569923, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42110, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.870831642951712, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:26:10.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:10.128] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:10.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:10.128] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:26:13.055] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24695 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl?X-Amz-Signature=90ff68ae405b1acd87ff8db9721e1db9b6755d6cbfcc41808dae7966d5fdae4c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022612Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:26:13.055] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:13.055] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:13.055] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:13.055] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:13.055] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:13.055] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:13.250] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.1726051942.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333573055, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50532, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9010988274471945, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:26:13.250] [INFO] 
[tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:13.250] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:13.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:13.250] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:16.190] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25469 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022615Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=fc14041858059bd617c68c6ab820bc7cc46e0c497e427175c1479adba6fa3ede"} [2025-12-10 10:26:16.190] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:16.190] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:16.190] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:16.190] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:16.190] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:16.190] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:16.345] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai3ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50532.1726051942.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333576190, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50532, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9010988274471945, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:26:16.345] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:16.345] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:16.345] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:16.345] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:26:19.292] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24696 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=f199cca8503513e26631f86513a3e3dbf6d173c4f4194493e53a61622c21c48d&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022618Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:26:19.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:19.292] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:19.292] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:19.292] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:19.292] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:19.292] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:19.446] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID51_behinderv4.0.7_php_linux_http_cat.pcap.TCP_192-168-52-1_11657_192-168-52-129_80.1726192308.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765333579293, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:26:19.446] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:26:19.446] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:22.424] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25470 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022621Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=a8ab0e3572a4709a3d7468412011e6df0e731c769b40cca1d761f61f6eb3f353"} [2025-12-10 10:26:22.424] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:22.424] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:22.424] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:22.424] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:22.424] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:22.425] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:22.611] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.1726051899.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333582425, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50530, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8991885414408523, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}]} [2025-12-10 10:26:22.611] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:22.611] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:22.611] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:22.611] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:25.549] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25471 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl?X-Amz-Signature=5f070add29dec9df64cfde0fb07590c9d9b4a9b4b25270a96ffab9b4b3e4aae5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022625Z&X-Amz-Expires=604800"} [2025-12-10 10:26:25.549] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:25.549] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:25.549] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:25.549] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:25.549] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:25.550] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:25.756] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID7-tls1.3CS4.8_win10_ubuntu_jdk_IP_mogai2ywlkhflow1ywrkh.pcap.TCP_192-168-88-24_50050_192-168-88-28_50530.1726051899.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333585550, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.28", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 50530, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8991885414408523, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:26:25.756] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:25.756] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:25.756] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:25.756] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:26:28.653] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24697 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=9eae969894d3b25e611ab0bb697604cc3aef8e7a2bf3400ee426bf673c2c40af&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022628Z&X-Amz-Expires=604800"} [2025-12-10 10:26:28.653] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:28.653] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:28.653] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:28.653] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:28.653] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:28.654] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:28.861] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID52_behinderv4.1_php_linux_https_cat.pcap.TCP_192-168-52-1_42299_192-168-52-129_443.1726042454.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765333588654, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:26:28.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:26:28.861] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:31.784] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25810 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl?X-Amz-Date=20251210T022631Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=da452a553bc4db72334545699477d402d3adb950d5dee352460dccfccf7a9e7c&X-Amz-Expires=604800"} [2025-12-10 10:26:31.784] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:31.784] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:31.784] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:31.784] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:31.784] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:31.784] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:31.999] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain3.1726212571.jsonl|result:{"code": 1, "total_count": 30, "alert_count": 30, "abnormal_count": 30, "normal_count": 0, "timestamp": 1765333591784, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50106, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.992579251484475, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50119, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9606648505653901, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50107, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.957316741244574, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50115, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9906508911936864, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50099, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9925659925692168, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50110, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9972080274194728, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50114, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9706321954426319, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50102, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9533124084669521, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": 
"192.168.112.139", "protocol": 6, "src_port": 50103, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8913937097071337, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50121, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9811801432488392, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50113, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961725500417813, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50109, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9765797730939423, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50111, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9877115672517671, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50105, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.922400126706727, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50100, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9978813030484246, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, 
"src_port": 50095, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9973308371583047, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50108, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9965447116166124, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50093, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9935550774029027, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50117, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9893246668636865, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50096, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9809496040762827, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50094, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9913497115129094, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50112, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9830457347118746, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50116, "dest_port": 
51129, "y_pred": 1, "y_pred_proba_max": 0.9146792526308372, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50118, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9939905270358815, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50097, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.971272975693726, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50120, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9973484671154503, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50104, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9699425847800891, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50098, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8558902763119373, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50101, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9059397889180666, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50092, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:26:32.000] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 30|max_alert: 1000 [2025-12-10 10:26:32.000] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:32.000] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:32.000] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:34.905] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24698 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=7c643b2b9a5d1b4337dc8e5cd0241c66908c49e713c1b22fc42d937cd46f0412&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022634Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:26:34.905] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:34.905] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:34.905] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:34.905] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:34.905] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:34.906] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:35.101] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.1726044658.jsonl|result:{"code": 1, "total_count": 2, "alert_count": 2, "abnormal_count": 2, "normal_count": 0, "timestamp": 1765333594906, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49260, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6796832720229173, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49259, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 2, "2_sum": 2, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:26:35.101] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 2|max_alert: 1000 [2025-12-10 10:26:35.101] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:35.101] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:35.101] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:26:38.032] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25472 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=7c45809550c3c918821f7d603b7f0f5437e78b647e4a802fca804389b2c5a077&X-Amz-Date=20251210T022637Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:26:38.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:38.032] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:38.033] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:38.033] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:38.033] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:38.033] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:38.239] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogaizwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49260.1726044661.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333598033, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49260, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.6796832720229173, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:26:38.239] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:38.239] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:38.239] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:38.239] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:41.135] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25473 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022640Z&X-Amz-Signature=e4ee073403e9cd375759405828466ddd24f42547e6f1942b12e37c1467d869ea&X-Amz-Expires=604800"} [2025-12-10 10:26:41.135] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:41.135] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:41.135] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:41.135] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:41.135] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:41.135] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:41.339] [DEBUG] [tid:134145839584960] 
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID71_Z_Godzilla_ekp1.1_jsp_linux-http.pcap.TCP_192-168-0-3_62448_192-168-0-202_8080.1726715820.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333601135, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.0.3", "dest_ip": "192.168.0.202", "protocol": 6, "src_port": 62448, "dest_port": 8080, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:26:41.339] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:41.339] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:41.339] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:41.339] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:26:44.262] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25474 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022643Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bcedaf26a9522eff2bc4b65c807c0e1e0257432df947d633c33c30748e2237ad"} [2025-12-10 10:26:44.262] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:44.263] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:44.263] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:44.263] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:44.263] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:44.263] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:44.500] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.1726043311.jsonl|result:{"code": 1, "total_count": 3, "alert_count": 3, "abnormal_count": 3, "normal_count": 0, "timestamp": 1765333604263, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49234, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49236, 
"dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8726555512649641, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49235, "dest_port": 50050, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 3, "2_sum": 3, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:26:44.500] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 3|max_alert: 1000 [2025-12-10 10:26:44.500] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:44.500] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:44.500] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:47.391] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25475 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c9f29294876aad4497023d3cc7bc429d6617916dc97488b4e912111a95226988&X-Amz-Date=20251210T022646Z"} [2025-12-10 10:26:47.391] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:47.391] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:47.392] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:47.392] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 
10:26:47.392] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:47.392] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:47.663] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain2.1726212514.jsonl|result:{"code": 1, "total_count": 28, "alert_count": 28, "abnormal_count": 28, "normal_count": 0, "timestamp": 1765333607392, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50070, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9836455802589793, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50082, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9949765402218131, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50091, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9838514284301566, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50079, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9619127811045495, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50074, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9921356836697374, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", 
"dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50083, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9960854099602006, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50080, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9494903166921302, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50089, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9923521151210051, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50076, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9940318165078508, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50064, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50084, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9943455112777259, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50086, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9815741346253922, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", 
"protocol": 6, "src_port": 50068, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9854402752815357, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50065, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9861156591914846, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50071, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9962923603266659, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50072, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9902096152170293, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50081, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9852182826513363, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50087, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9951385309373632, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50088, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9944331154426221, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 
50075, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8438996524767447, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50067, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9911300327715452, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50066, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9865231777367143, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50077, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9864977092629397, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50078, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9962814503649499, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50069, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9937542777997674, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50085, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961868284125542, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50090, "dest_port": 51129, 
"y_pred": 1, "y_pred_proba_max": 0.9714484798319067, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50073, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9784413631036302, "2_count": 28, "2_sum": 28, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:26:47.663] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 28|max_alert: 1000 [2025-12-10 10:26:47.663] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:47.663] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:47.663] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:50.512] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25811 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl?X-Amz-Date=20251210T022649Z&X-Amz-Signature=468bad30787d08518c720c58ec47e9422c8117d9d2142138d450d6e3c3946974&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:26:50.512] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:50.512] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:50.513] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:50.513] 
[INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:50.513] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:50.513] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:50.712] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49236.1726043317.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333610513, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49236, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8726555512649641, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:26:50.712] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:50.712] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:50.712] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:50.712] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:26:53.647] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25476 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1a91b10082b9b72b4471f4999a2405ca73feef466237212d182911651e136139&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022653Z&X-Amz-Expires=604800"} [2025-12-10 10:26:53.647] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:53.647] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:53.648] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:53.648] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:53.648] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:53.649] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:53.921] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain3.1726211028.jsonl|result:{"code": 1, "total_count": 29, "alert_count": 29, "abnormal_count": 29, "normal_count": 0, "timestamp": 1765333613649, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49784, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.992804351549356, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", 
"protocol": 6, "src_port": 49798, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9950820975221701, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49799, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9944167577577538, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49791, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990180186444445, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49779, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8382320110400495, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49775, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9926604675393249, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49800, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9431676483550671, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49790, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9944972176286252, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 
49785, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.989033351162948, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49797, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.992756928668088, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49795, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990197202721924, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49793, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9732994974432579, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49776, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9888252075744062, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49792, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9958791718264562, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49783, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9087249661650049, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49789, "dest_port": 51129, 
"y_pred": 1, "y_pred_proba_max": 0.9996387593672055, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49786, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9846961788953118, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49778, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.987972943687672, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49777, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9941535067141068, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49774, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9924965254705932, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49796, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9969652909756276, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49780, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9280517790258257, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49794, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 
0.9899744671542131, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49773, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987820744776774, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49781, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.989138721392638, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49788, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999657924785119, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49782, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9559244151238987, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49772, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49787, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9948486477463612, "2_count": 29, "2_sum": 29, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:26:53.922] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 29|max_alert: 1000 [2025-12-10 10:26:53.922] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:53.922] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:53.922] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:56.773] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25812 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022656Z&X-Amz-Signature=8259ab4b4b317038f26bb15967a6cfe0a47733d38b35c372ea8e200d57ac2260"} [2025-12-10 10:26:56.774] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:56.774] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:56.774] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:56.774] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:56.774] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:56.774] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:26:56.970] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.1726042715.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333616774, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49227, 
"dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8549675798446492, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:26:56.970] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:26:56.970] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:26:56.970] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:26:56.970] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:26:59.903] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25813 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022659Z&X-Amz-SignedHeaders=host&X-Amz-Signature=050bfe53ba229e1bbe3bbdfb1569084889311b0edc24df9e7c820f955bfc5e34&X-Amz-Expires=604800"} [2025-12-10 10:26:59.903] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:26:59.903] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:26:59.904] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:26:59.904] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:26:59.904] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:26:59.904] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
10:27:00.060] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_IP.pcap.TCP_192-168-88-22_50050_192-168-88-30_49227.1726042715.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333619904, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49227, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8549675798446492, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:27:00.060] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:00.060] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:00.060] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:00.060] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:03.027] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24699 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=3f4987179ab3ca1a2f802b2a85b1a322de059a07c588ed61cc147cadadc791ec&X-Amz-Date=20251210T022702Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:27:03.028] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:03.028] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:03.028] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:03.028] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:03.028] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:03.028] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:03.186] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_whoami.pcap.TCP_192-168-52-1_11978_192-168-52-129_443.1726018395.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333623028, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11978, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999995485618658, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:03.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:03.186] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:03.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:03.186] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:06.130] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25477 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=58ad9d39388a8a97c9f488f926a4968e0ba7b2e2477a8736018560ec60beb6b2&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022705Z"} [2025-12-10 10:27:06.130] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:06.130] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:06.130] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:06.130] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:06.130] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:06.131] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:06.285] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_http_ls.pcap.TCP_192-168-52-1_13132_192-168-52-129_80.1726193238.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333626131, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13132, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:27:06.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:06.285] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:06.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:06.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:09.253] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24700 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl?X-Amz-Date=20251210T022708Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c7eb6c0734ba39b82f656ab2a307c1a792f7780022aaa0e17c860252f29fd19d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:27:09.253] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:09.253] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:09.253] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:09.253] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:09.253] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:09.254] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:09.410] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.3_1.pcap.TCP_10-0-4-15_443_218-26-55-102_43319.1726308806.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333629254, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "218.26.55.102", "dest_ip": "10.0.4.15", "protocol": 6, "src_port": 43319, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9995815701114811, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:09.410] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:09.410] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:09.410] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:09.410] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:12.356] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24701 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl?X-Amz-Date=20251210T022711Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=c292637050c33fe83b3a6446bd424b254b7683bc4c2508d2f2aac5155e359e39"} [2025-12-10 10:27:12.356] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:12.356] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:12.356] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:12.356] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:12.356] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:12.357] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:12.555] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_ls.pcap.TCP_192-168-52-1_13351_192-168-52-129_80.1726193406.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333632357, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13351, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:27:12.555] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:12.555] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:12.555] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:12.555] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:15.480] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25814 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022714Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=436c042577c7fef73b28caa1ae168cb898be9bccd22ced0464f54efb9559acfc"} [2025-12-10 10:27:15.480] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:15.480] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:15.480] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:15.480] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:15.480] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:15.481] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:15.678] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID25-tls1.2CS4.8_centos_ubuntu_jdk_domian.1728733260.jsonl|result:{"code": 1, "total_count": 16, "alert_count": 16, "abnormal_count": 16, "normal_count": 0, "timestamp": 1765333635482, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54696, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9275189616794793, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, 
"src_port": 54694, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.887827227182562, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54690, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7045034266743581, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54676, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7904088619726505, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54692, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.8812165772123437, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54704, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9511760893533832, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54684, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7630858552647061, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54678, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.8992782512698286, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54682, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 
0.8854341088666021, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54688, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7626431775383956, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54686, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.7828899162284786, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54698, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.5608495250974965, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54702, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9681026865142206, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54700, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.8936371723503499, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54674, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.55.142", "protocol": 6, "src_port": 54680, "dest_port": 9999, "y_pred": 1, "y_pred_proba_max": 0.89541734297925, "2_count": 16, "2_sum": 16, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:27:15.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 16|max_alert: 1000 [2025-12-10 10:27:15.678] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:15.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:15.678] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:18.605] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25478 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl?X-Amz-Signature=981bebfd846ad6ac5a677037beb9de5071aa91596726710c43e2cc5fab7776a2&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022718Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:27:18.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:18.605] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:18.605] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:18.605] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:18.605] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:18.606] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:18.797] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_cat.pcap.TCP_192-168-52-1_41203_192-168-52-129_443.1726041863.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333638606, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41203, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999996967263856, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:18.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:18.798] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:18.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:18.798] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:21.736] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25815 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022721Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=79669b466acf549ec3c352306ff7e499434c2123a21434c32303aaa13c9b3908"} [2025-12-10 10:27:21.736] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:21.736] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:21.737] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:21.737] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:21.737] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:21.737] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:21.934] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_ls.pcap.TCP_192-168-52-1_11615_192-168-52-129_443.1726018232.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333641737, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11615, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999994275985199, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:21.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:21.934] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:21.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:21.934] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:24.860] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25816 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022724Z&X-Amz-Signature=e72ac9b503aa01d2352faf8db14253897e4ceeacac6f74a23cc4d7f5961f11df&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:27:24.860] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:24.860] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:24.860] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:24.860] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:24.860] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:24.860] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:25.058] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_ls.pcap.TCP_192-168-52-1_12244_192-168-52-129_443.1726018528.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333644861, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12244, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999991758557298, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:25.058] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:25.058] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:25.058] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:25.058] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:27.983] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25479 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ecac67e9d0f92eb8941a9e1ca1def633862ff8299bb89ee8e4ee2bb773cee1cd&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022727Z"} [2025-12-10 10:27:27.983] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:27.983] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:27.983] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:27.983] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:27.983] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:27.983] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:28.191] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_cat.pcap.TCP_192-168-52-1_11799_192-168-52-129_443.1726018273.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333647983, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11799, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999990088490532, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:28.191] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:28.191] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:28.191] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:28.191] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:31.085] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25817 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=2c788b2595353f0de75b541f0ed1f585a481839470e9576456908cf3a27f75c8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022730Z"} [2025-12-10 10:27:31.085] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:31.085] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:31.086] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:31.086] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:31.086] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:31.087] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:31.285] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_http_whoami.pcap.TCP_192-168-52-1_13086_192-168-52-129_80.1726193199.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333651087, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13086, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:27:31.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:31.285] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:31.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:31.285] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:34.203] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24702 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl?X-Amz-Signature=67a9746f6bacf341dc2bb6942fea8982a7cba62022d7b3ab3377b737a46a76f2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Date=20251210T022733Z"} [2025-12-10 10:27:34.203] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:34.203] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:34.203] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:34.203] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:34.203] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:34.204] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:34.400] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12297_192-168-52-129_443.1726018573.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333654204, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12297, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999979203508564, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:34.400] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:34.400] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:34.400] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:34.400] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:37.306] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25818 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022736Z&X-Amz-Signature=4ce7603e24eb48d18f78e850a4d23b33c32b8f480ef07e4ced8f3de1fe2a2560&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:27:37.306] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:37.306] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:37.306] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:37.306] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:37.306] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:37.307] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:37.506] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_ls.pcap.TCP_192-168-52-1_11912_192-168-52-129_80.1726192481.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333657308, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11912, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:27:37.506] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:37.506] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:37.506] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:37.506] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:40.430] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25819 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022739Z&X-Amz-Expires=604800&X-Amz-Signature=686c8f47199a42f4fcea7d5a923ceb4ae637368be0985d66e7a37aa8cc3af579&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:27:40.430] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:40.430] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:40.430] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:40.430] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:40.430] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:40.431] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:40.637] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_whoami.pcap.TCP_192-168-52-1_41141_192-168-52-129_443.1726041812.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333660431, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41141, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999989062398834, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:40.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:40.637] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:40.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:40.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:43.553] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25480 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022743Z&X-Amz-SignedHeaders=host&X-Amz-Signature=b458a56355cc6f33c2ead9b81c7ed49fb897e81853b7323fb662e5be588f5ed2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:27:43.553] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:43.553] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:43.553] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:43.553] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:43.553] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:43.553] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:43.710] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_ls.pcap.TCP_192-168-52-1_42840_192-168-52-129_443.1726042754.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333663553, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42840, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999994110421229, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:43.710] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:43.710] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:43.710] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:43.710] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:46.655] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24703 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl?X-Amz-Date=20251210T022746Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=896214b911bd854af53851460ad3ea026434b1700064b30700c5b45b7a8cedf7"} [2025-12-10 10:27:46.655] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:46.655] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:46.655] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:46.655] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:46.655] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:46.656] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:46.861] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_whoami.pcap.TCP_192-168-52-1_13302_192-168-52-129_80.1726193375.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333666656, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13302, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:27:46.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:46.861] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:46.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:46.861] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:49.758] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25481 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=0db316a2d15d11c4340c7476c47c4972f17154ecfeba69a0c9a69196cfdb471a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022749Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:27:49.758] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:49.758] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:49.758] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:49.758] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:49.758] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:49.759] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:50.022] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_http_cat.pcap.TCP_192-168-52-1_13377_192-168-52-129_80.1726193427.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333669759, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13377, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:27:50.022] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:50.022] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:50.022] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:50.022] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:52.879] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25820 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl?X-Amz-Signature=db418fa1f0c01a7dd33b8e2b8e9806187637e9a7d5b74f07d96142ed430a64b5&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022752Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:27:52.879] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:52.879] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:52.879] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:52.879] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:52.879] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:52.880] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:53.036] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_tls1.2_cat.pcap.TCP_192-168-52-1_12295_192-168-52-129_443.1726018573.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333672880, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 12295, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.999995347060206, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:27:53.036] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:53.036] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:53.036] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:53.036] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:27:56.002] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25821 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=39a4624430b029b78e3df913d0993c4a222124848a0aa652952550c12e29e793&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022755Z"} [2025-12-10 10:27:56.002] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:56.002] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:56.002] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:56.002] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:56.002] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:56.003] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:56.192] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.1726040971.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333676003, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49222, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8672757517500722, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:27:56.192] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:56.192] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:56.192] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:56.192] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:27:59.127] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25482 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl?X-Amz-Signature=752f3415c4c02cca0e591218ef7a49060660ac3b9df2f41ba2330eba35ca4192&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022758Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:27:59.127] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:27:59.127] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:27:59.128] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:27:59.128] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:27:59.128] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:27:59.128] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:27:59.333] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_domainzwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49222.1726040971.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333679128, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49222, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.8672757517500722, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:27:59.333] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:27:59.333] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:27:59.333] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:27:59.333] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:02.258] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25822 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022801Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8d8d508be73d1c878eb16e726d950e4cd6516d1a9c212f108787443c4d3710a8"} [2025-12-10 10:28:02.258] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:02.258] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:02.258] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:02.258] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:02.258] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:02.258] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:02.486] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID40-tls1.2CS4.8_windowsserver2008R2_ubuntu_openjdk_IP.1726233486.jsonl|result:{"code": 1, "total_count": 38, "alert_count": 38, "abnormal_count": 38, "normal_count": 0, "timestamp": 1765333682259, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50186, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8030879579406135, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50208, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7526694871873465, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50194, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6654672400410357, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50234, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6664485960534436, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50216, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9789676979462377, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50188, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6030830063373747, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50202, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7522464071617297, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50222, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6622663499773793, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50228, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9151646694291784, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50184, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5009170703445844, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50198, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5212532317820967, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50230, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7408975270597601, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50235, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6677992416246191, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 
6, "src_port": 50238, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6949451856677477, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50176, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5350925499476693, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50204, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9967414485067707, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50232, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5582827271566351, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50236, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5109238951686534, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50226, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9970854732141112, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50231, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9813471546804314, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50190, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.5856197408985024, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50240, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.953442967717258, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50178, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.732311186682568, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50192, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6092417410400571, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50200, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6493722336061095, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50210, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6489862176157795, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50237, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5404542800542543, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50196, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5214885513925283, "2_count": 38, 
"2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50214, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7440167866112836, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50224, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7218997145108652, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50206, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.985719712302142, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50233, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9667694225277425, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50212, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6412779148112056, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50180, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6534580909365131, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50220, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9301621583997064, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50239, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5136080494755816, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50182, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6990510662358953, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.31", "protocol": 6, "src_port": 50218, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6617939663637548, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:28:02.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 38|max_alert: 1000 [2025-12-10 10:28:02.486] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:02.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:02.486] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:28:05.379] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25483 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022804Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=50160e475fd3516e2cbc189d2ba5b1433b58b1a5978e037474de29e51c85868b"} [2025-12-10 10:28:05.379] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:05.379] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:05.379] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:05.379] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:05.379] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:05.380] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:05.573] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_https_cat.pcap.TCP_192-168-52-1_41044_192-168-52-129_443.1726041741.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333685380, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41044, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999988170489669, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:05.574] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:05.574] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:05.574] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:05.574] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:08.505] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25823 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl?X-Amz-Date=20251210T022808Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=0f4e5bfbe05a9611d269acb440cc3bb7b24dbcba12cf79393588d1b50e691484"} [2025-12-10 10:28:08.505] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:08.505] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:08.505] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:08.505] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:08.505] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:08.505] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:08.708] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai2_https_ls.pcap.TCP_192-168-52-1_41006_192-168-52-129_443.1726041711.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333688505, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41006, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999971909647384, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:08.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:08.708] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:08.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:08.708] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:28:11.631] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25824 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl?X-Amz-Date=20251210T022811Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=a91f9b84366026c73927ce319251f93fbded86319252e457bad97a44159dee0d&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:28:11.631] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:11.631] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:11.631] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:11.631] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:11.631] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:11.632] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:11.829] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_whoami.pcap.TCP_192-168-52-1_42804_192-168-52-129_443.1726042728.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333691632, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42804, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999994275836422, "2_count": 1, "2_sum": 
1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:11.829] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:11.829] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:11.829] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:11.829] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:14.755] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24704 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022814Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=6ec4b0b5514352e3bf29e021a5774c18a7bccdcbec9f9ec5cebd99f2561f56a0"} [2025-12-10 10:28:14.755] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:14.755] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:14.755] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:14.755] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:14.755] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:14.755] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:14.996] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID26-tls1.2CS4.8_centos_ubuntu_openjdk_domain.1728728620.jsonl|result:{"code": 1, "total_count": 15, "alert_count": 15, "abnormal_count": 15, "normal_count": 0, "timestamp": 1765333694755, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57782, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.5337578116520333, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57788, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.8679184214341474, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57770, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.8345362070996089, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57772, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.7255191362562268, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57784, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.9652196351092807, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57778, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.7898348227275912, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": 
"172.26.53.255", "protocol": 6, "src_port": 57764, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57768, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.615258642064978, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57790, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.8822160546257996, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57774, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.9536843833998847, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57776, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.8522559635829474, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57766, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.6623903856677502, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57792, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.9670368110108151, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57786, "dest_port": 6666, 
"y_pred": 1, "y_pred_proba_max": 0.5727607004172083, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.26.55.21", "dest_ip": "172.26.53.255", "protocol": 6, "src_port": 57780, "dest_port": 6666, "y_pred": 1, "y_pred_proba_max": 0.5931218828045606, "2_count": 15, "2_sum": 15, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:28:14.996] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 15|max_alert: 1000 [2025-12-10 10:28:14.996] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:14.996] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:14.996] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:17.876] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25825 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl?X-Amz-Signature=5970ba110ee72cf709e0b613d2c8eb8ec05ae55a08eaa01e59b32f3e1b604a5a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022817Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:28:17.876] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:17.876] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:17.876] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 
10:28:17.876] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:17.876] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:17.877] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:18.032] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_cat.pcap.TCP_192-168-52-1_42735_192-168-52-129_443.1726042673.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333697877, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42735, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999995582906659, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:18.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:18.032] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:18.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:18.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:28:20.979] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25826 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl?X-Amz-Date=20251210T022820Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0e82e7a9d9a04d06dcbace97d31836f2fd95891f208849bfbb06f6f8e43422b5"} [2025-12-10 10:28:20.979] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:20.979] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:20.979] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:20.979] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:20.979] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:20.979] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:21.135] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai1_http_cat.pcap.TCP_192-168-52-1_13160_192-168-52-129_80.1726193257.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333700979, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 13160, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:28:21.135] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:21.135] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:21.135] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:21.135] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:24.080] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25484 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl?X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022823Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b5e53cb0846e84c74f3c5e4c94bdeca43b6bed13d595c025fe9f8eefb5645985"} [2025-12-10 10:28:24.080] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:24.080] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:24.080] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:24.080] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:24.080] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:24.080] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:24.279] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_http_cat.pcap.TCP_192-168-52-1_11943_192-168-52-129_80.1726192508.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333704080, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11943, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:28:24.280] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:24.280] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:24.280] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:24.280] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:28:27.200] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25485 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl?X-Amz-Date=20251210T022826Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=70f8e449fa7a8d7c31e88ea7e7ed929652ed307b4b796a6f2a2e02f5dc25619f&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:28:27.200] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:27.200] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:27.201] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:27.201] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:27.201] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:27.201] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:27.404] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID49_behinderv2.0.1_php_linux_https_whoami.pcap.TCP_192-168-52-1_25201_192-168-52-129_443.1725956945.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333707201, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 25201, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999995600807153, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:27.404] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:27.404] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:27.404] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:27.404] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:30.321] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25486 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022829Z&X-Amz-Signature=6760dc6e3306d04ac3efcc856d6578599f844c24f916b663d502d34d33dc5b7c"} [2025-12-10 10:28:30.321] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:30.321] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:30.322] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:30.322] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:30.322] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:30.323] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:30.556] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_ls.pcap.TCP_192-168-52-1_42702_192-168-52-129_443.1726042647.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333710323, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42702, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999985303094544, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:30.556] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:30.556] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:30.556] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:30.556] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:28:33.423] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25487 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022832Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=e5defa16cf8bf3b0e1410155faa0b994cebecf9091f6fa3a9a24ca4de76880e0"} [2025-12-10 10:28:33.423] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:33.423] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:33.423] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:33.423] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:33.423] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:33.424] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:33.623] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__http_whoami.pcap.TCP_192-168-52-1_11875_192-168-52-129_80.1726192452.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333713424, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 11875, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:28:33.623] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:33.623] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:33.623] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:33.623] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:36.543] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25827 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022836Z&X-Amz-Signature=e58a5e2f03fc8e69b6cfb8f625a2fd37de0b9f979f41099f1428de016a42375a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:28:36.543] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:36.543] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:36.543] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:36.543] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:36.543] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:36.544] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:36.746] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai__https_whoami.pcap.TCP_192-168-52-1_21125_192-168-52-129_443.1725955214.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333716544, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 21125, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.999998998896587, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:36.746] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:36.746] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:36.746] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:36.746] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:28:39.659] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25488 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl?X-Amz-Signature=aaf5d35fc05f5621f3d780f03543849a5624bccb22857a5e4b4403527fca92df&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022839Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:28:39.659] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:39.659] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:39.659] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:39.659] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:39.659] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:39.660] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:39.880] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogaitls1.2_ls.pcap.TCP_192-168-52-1_41174_192-168-52-129_443.1726041840.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333719660, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 41174, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999994050738346, "2_count": 1, "2_sum": 1, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:39.880] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:39.880] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:39.880] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:39.880] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:42.787] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25828 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=02f7940fc710d44d92e5357499d53491f1acab7f92ba9537d50f1135cd112d0e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022842Z&X-Amz-Expires=604800"} [2025-12-10 10:28:42.787] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:42.787] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:42.787] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:42.787] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:42.787] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:42.788] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:42.984] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID22-tls1.3CS4.8_mac_kali_openjdk_domain1.1726212464.jsonl|result:{"code": 1, 
"total_count": 22, "alert_count": 22, "abnormal_count": 22, "normal_count": 0, "timestamp": 1765333722788, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50046, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9876939369673159, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50042, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50049, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9542583031234141, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50044, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9979838511141056, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50048, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9585708608829328, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50054, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9950780882305902, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50055, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9828557336195156, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50051, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9961645297777323, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50050, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9912539676793041, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50058, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9872479199169144, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50045, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9943347935105041, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50061, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9909478328736763, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50047, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9930440390574894, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50060, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 
0.9909241027192666, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50062, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9913417050330752, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50053, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9936793150174883, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50052, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9954358009909343, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50059, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9763359246317397, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50056, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9806901959743102, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50043, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9951477744650418, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50057, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9957882319465541, "2_count": 
22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.139", "protocol": 6, "src_port": 50063, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9979425763068516, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:28:42.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 22|max_alert: 1000 [2025-12-10 10:28:42.984] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:42.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:42.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:45.907] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25829 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl?X-Amz-Signature=0c39ccbfdf9d0752e7943ccc24a155ef4eabf40c4be0e6e4cce489901cddc2ef&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T022845Z&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:28:45.907] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:45.907] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:45.907] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:45.907] [INFO] [tid:134145839584960] 
(AiModule.cpp:140) get function load [2025-12-10 10:28:45.907] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:45.908] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:46.065] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai3_https_whoami.pcap.TCP_192-168-52-1_40774_192-168-52-129_443.1726041616.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333725908, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 40774, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999978113543249, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:46.065] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:46.065] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:46.065] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:46.065] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:28:49.029] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25830 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=d91ca4a5b2ff782d5cbc4be88719a81f7e31f48a98161cf304d4a553639b948e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022848Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:28:49.030] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:49.030] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:49.030] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:49.030] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:49.030] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:49.030] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:49.238] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID24-tls1.3CS4.8_mac_ubuntu_openjdk_domain1.1726210647.jsonl|result:{"code": 1, "total_count": 22, "alert_count": 22, "abnormal_count": 22, "normal_count": 0, "timestamp": 1765333729030, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49754, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9430324857787179, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", 
"protocol": 6, "src_port": 49753, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9945352070474369, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49735, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49746, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.99678660131393, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49743, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9137106979292495, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49741, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9959611176689372, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49745, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9959891716996626, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49738, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9896345947000015, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49755, 
"dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9323692794491828, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49749, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9562215401549788, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49736, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.998299772069063, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49737, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9932198334809276, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49747, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9803233341325367, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49748, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.99442073397985, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49751, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9939352247240762, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49756, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.9914727553401294, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49750, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.981419420684849, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49740, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.995168698561525, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49739, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7846651275323114, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49742, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9888708769344112, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49744, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9978738954258088, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.141", "dest_ip": "192.168.112.135", "protocol": 6, "src_port": 49752, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9928270810438129, "2_count": 22, "2_sum": 22, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:28:49.238] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 22|max_alert: 1000 [2025-12-10 10:28:49.238] [DEBUG] 
[tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:49.238] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:49.238] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:52.153] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25831 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=12fc9645a8f66a705c58c9d2068e2c6a6c5376b7d0cc6050191c9a6d5b6a5a2f&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022851Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:28:52.153] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:52.153] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:52.153] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:52.153] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:52.153] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:52.154] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:52.350] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID50_behinderv3.0.11_php_linux__mogai_tls1.2_cat.pcap.TCP_192-168-52-1_42866_192-168-52-129_443.1726042775.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, 
"normal_count": 0, "timestamp": 1765333732154, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.52.1", "dest_ip": "192.168.52.129", "protocol": 6, "src_port": 42866, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9999996443158026, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:28:52.350] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:28:52.350] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:52.350] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:28:52.350] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:28:55.259] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24705 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=e2e289eb70decf5628fbd9f5dcdbf2c800d54d355bc2d48498f584f5c4e962f6&X-Amz-Date=20251210T022854Z"} [2025-12-10 10:28:55.260] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:55.260] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:55.260] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:55.260] [INFO] [tid:134145839584960] (AiModule.cpp:140) 
get function load [2025-12-10 10:28:55.260] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:55.261] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:55.266] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726283902.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765333735261, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:28:55.266] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:28:55.266] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:28:58.732] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24706 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022858Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=312ff2554b1ab97a0397aaef6e298f07e322e3c06203aa074d4249fd0d842e75"} [2025-12-10 10:28:58.732] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:28:58.732] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:28:58.732] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:28:58.732] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:28:58.732] [INFO] 
[tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:28:58.733] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:28:59.532] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_IP.1727073768.jsonl|result:{"code": 1, "total_count": 323, "alert_count": 323, "abnormal_count": 323, "normal_count": 0, "timestamp": 1765333738733, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50056, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.912684512733928, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49859, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6037498976675788, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50109, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9769991455246613, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49863, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5983683224577125, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49998, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9950564493361544, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, 
"src_port": 50030, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8490175847592613, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50003, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9128968852262066, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50070, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9369833906404413, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49860, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7263337080745429, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49991, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9074188388328347, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50055, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9297847614244219, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49874, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7973857151344117, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49893, "dest_port": 4143, "y_pred": 3, 
"y_pred_proba_max": 0.9924818795038265, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50165, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6842286064783865, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49882, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9896831538653199, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50092, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6630111598006113, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49945, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9390842256612778, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50020, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.547911109123112, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49989, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9012795669724603, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49994, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9356096543841093, "2_count": 
323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50002, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9796100937922201, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50136, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9285536012641178, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49976, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9757711314223454, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49848, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9885255124867265, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49936, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9828105063963437, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50022, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9011803069598002, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49915, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9869755232255546, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49872, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9633438750787758, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50021, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9706792142888904, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50102, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9812461025382226, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50071, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9366927191624654, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49927, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7357554732817034, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49926, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5606824361159941, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49879, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9596409498699529, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49992, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9513467485021676, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50097, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8287999311994428, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49852, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9768466058866888, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49908, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5870987794919775, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49911, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9839068234366172, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49942, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9883449476351207, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49949, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9702483769833885, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 49990, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9852063438386265, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50123, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.95822704542551, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50128, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9754581306752914, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49975, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9178325840136805, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50036, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.745348070777347, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49946, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6405379228402215, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49923, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9939514976614076, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50091, 
"dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7192452390508892, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50067, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9623874554675362, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50007, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5863672154842945, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50135, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9219297999105767, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50045, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9662881694372588, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50060, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9510219342830234, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49865, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9734019507407136, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50133, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 
0.5955082746691431, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49941, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.697138567652706, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50016, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8624862826765007, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50012, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8353357749422853, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50017, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.841088913905406, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50042, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8118444335928162, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50095, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7038632668022207, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50113, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9667985798765776, "2_count": 323, "2_sum": 323, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50131, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9813331554680103, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50146, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9768586234752555, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50151, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6326408825536969, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50099, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9863615268285604, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49855, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9832209828169866, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50103, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9842715822673843, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49940, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9583010674006418, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49955, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.727866179452142, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49906, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.957827283735689, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49948, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9733998342879587, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50107, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9279802577828402, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50065, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8189260048664514, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50124, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9664180573535283, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50144, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9741736636068459, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49869, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9933603028537731, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49912, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8699076799154611, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49957, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9854891523854606, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50093, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5409561878430762, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50084, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9936130773072025, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49845, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6893959008828524, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50158, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8579051679300373, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 49903, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9685188378293258, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49862, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6694775778904314, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49895, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8454868302160361, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49937, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.972485038453176, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50132, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5876016313469103, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49910, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.932120347792623, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49844, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49963, "dest_port": 4143, 
"y_pred": 1, "y_pred_proba_max": 0.6547450656229994, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49854, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9759154665367663, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49961, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9948216272906447, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49864, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9620078905378076, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50087, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9259008476962212, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50110, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9568265177495159, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49861, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9030623606577871, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50034, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7458580586533183, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50049, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9936956599268572, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49883, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8251442629654581, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50154, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9890794429686529, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49943, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9783863460849964, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50089, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.928689514667576, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50018, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9897966744284692, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49849, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7795758690613304, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49928, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9673150821938389, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49966, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9787922611705792, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50027, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9500705249060678, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50043, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5646919154649714, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49999, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7148982511864771, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50058, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6996630788892086, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50141, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7008485511523361, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49870, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.519014315061055, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50152, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9730957440257904, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50068, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6258716439752365, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49899, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7570261434076502, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49947, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9654421111447936, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49914, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9954426597621633, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49968, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9813466913562781, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49944, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9879159632423361, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50039, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9586706551570859, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50118, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9587107789213769, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50159, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9721000779025367, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50041, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8362354502605105, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49983, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9851169869629264, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50163, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9106024338700971, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 49970, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9478018505948719, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50164, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9749887449274751, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49974, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9649460850337243, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49984, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9758353722425849, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50024, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8047538586963607, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49925, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9922899970776189, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49929, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9760262098061426, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49969, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9934088009290944, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50063, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9892281073173252, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49866, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.977789427660724, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50059, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9685207526335013, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50062, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.563856309889236, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50072, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5722023211483864, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49964, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.968377670070066, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49967, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9848507196477422, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50031, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9573166813281524, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50038, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9966534467046791, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50094, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6746263792173497, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49997, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9774943243914614, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49996, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9816508015595911, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49873, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.989506020936303, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50013, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9691393704867441, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49934, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9825519254846108, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50117, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9373004389999428, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50134, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9855894932554822, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50023, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9635812312000156, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49950, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9863955637025198, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50075, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9712182366664839, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50130, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9811008385825957, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49935, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.994303428938712, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50040, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9944096051499666, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50121, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.982517658921429, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49876, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9802835839045795, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50051, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5988012743237588, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49988, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5608042874599993, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50082, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.961765519120334, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", 
"dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50073, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8940173967748857, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50001, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9578625906245473, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50098, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9512702963542256, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49901, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.874609163743849, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49952, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9839607167229134, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50100, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9872555973164371, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50106, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9871375017401144, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 
50139, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7601787915820585, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50143, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9759298212195147, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49930, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8360892610061819, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49884, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6472833402561581, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50166, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9986693174603224, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50077, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9385310231904834, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49896, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.987486730325193, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49971, "dest_port": 4143, "y_pred": 3, 
"y_pred_proba_max": 0.5582732011545501, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50004, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7772776044664502, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49993, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7885361627427978, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50080, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6926540613435109, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50150, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7000383788036014, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49888, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.89569690746626, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50142, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9799518791259246, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49867, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9791580378182895, "2_count": 323, 
"2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50160, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8595390595271271, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49905, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6623753581622265, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49917, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9557361850170469, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49960, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6917337486336427, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50032, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.979635176307812, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49846, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9630882500120779, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49980, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9438803230576462, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50147, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9968156026256881, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50162, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5818370367875477, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50014, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5593500439663502, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50029, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9949182409343089, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50037, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.963021978653042, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50115, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5380492936178434, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49904, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7209736555032992, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49973, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9713030836766385, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50086, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.941563701567202, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50078, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9760016444009831, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50101, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9823051712208024, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49878, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.661132723538958, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49913, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9141375545905563, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50025, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.651654550568496, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50052, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.926603441172563, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49972, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5977084809505079, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49958, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7742927378274134, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50116, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5053505791108346, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49909, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8557526989526344, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49924, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8993326300046355, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50129, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.882428185672293, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50083, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9951763541291199, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49918, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9772339902816951, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49962, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9656546128725347, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50054, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9866787607983974, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49986, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6251053014792565, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49965, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9474212987085815, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49898, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5665192573538829, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50010, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8259606472574323, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50028, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9916258986846701, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49877, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9712236515182107, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49939, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5842487905404479, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50122, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9671815599568604, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49853, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.967940890578197, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49951, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9191190573099375, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50081, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8036690920880585, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50114, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9598872126894666, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49919, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9670502222088144, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49887, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6367014326485201, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50149, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9964602886969508, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50156, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9615714599452491, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49916, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8368760718241542, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49959, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9798299601254008, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50126, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9763109922286853, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50000, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9640154492579236, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50008, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9769318401731768, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50064, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6138146879280815, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49933, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9733972773000354, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50044, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9629332059173831, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50046, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9589199723621343, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50050, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9819998470389308, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49985, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9831453232152239, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50057, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.940569470466155, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50069, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9512551642487669, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49987, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.978225139019532, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50104, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9626675469607637, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50009, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6227210139218995, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50111, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5106043850275731, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49871, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6207572880379378, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49902, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7738937696580138, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50011, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.984372163367471, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50048, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9909363941223029, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50120, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.604338303985681, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49885, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8747940644393977, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50005, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9952732621737987, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49894, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9858409876125284, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49856, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9995322331205367, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49897, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9873893247398439, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49886, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8589713252768436, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49954, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9578745900044038, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50053, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6896443796632269, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49922, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.966225852433274, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49889, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9918744044948553, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50019, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7519410807985978, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49938, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9920831435179297, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49868, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.956450830909685, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49921, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9839439109626139, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49932, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9867442891204209, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50047, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6450325299048916, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50061, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8483179155916748, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50085, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8751308576652389, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50088, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9307981126558207, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49907, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7895530635868445, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49892, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9787411301519512, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50066, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.996368833661631, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50026, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9451425620521533, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49858, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6388164672448247, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50074, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8989214266996771, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50127, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9772081177489722, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50033, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9068725678448161, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50155, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9913538893909138, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50015, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5104406713677775, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49920, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6739898927579671, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50079, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8218216145281355, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49981, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5233872177522988, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49857, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9836569643814875, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49847, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9886096773297816, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49978, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5070351413746987, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50157, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9655506462100112, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50161, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9285915920667849, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50096, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9370942004641784, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50108, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9293672133909007, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50148, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7317295614546431, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49977, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9836276428766784, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49931, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5041504754360617, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50153, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5963469211403722, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49953, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9940758303917804, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50140, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9931337767029377, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49875, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.45587687697866547, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49956, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.983732058836334, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50090, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.8451640328264091, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50125, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9770660171853159, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50006, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.675702937075865, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50138, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.885861354554371, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49890, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9960052258859914, 
"2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50119, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9704293704775508, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50137, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6829548146147214, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49851, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9482626081916771, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50112, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9602789760086011, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49880, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9913695642921155, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49881, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5182515569447009, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49891, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9744871773831643, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50105, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7645230943910629, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50076, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9306462392871959, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49850, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.976166206582888, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49979, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9148545312802593, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49900, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5699118668573513, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49995, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.979956630637799, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50145, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7485452417991353, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 49982, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9821490742808658, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50035, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9344513231653665, "2_count": 323, "2_sum": 323, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:28:59.532] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 323|max_alert: 1000
[2025-12-10 10:28:59.532] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:28:59.532] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:28:59.532] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:29:01.839] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25832 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=14e6acfa22b6f96dd721309426823a7a6a57be86dc4f055175448ce567470fe6&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022901Z"}
[2025-12-10 10:29:01.839] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:29:01.839] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:29:01.839] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:29:01.839] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:29:01.839] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:29:01.840] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:29:01.844] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID60_behinderv4.1_aspx_winserver2012r2-tls1.2_1.pcap.UDP_10-0-4-15_3389_111-53-218-171_51841.1726284531.jsonl|result:{"code": 0, "total_count": 0, "alert_count": 0, "abnormal_count": 0, "normal_count": 0, "timestamp": 1765333741840, "module": "anquanchu", "proto": "other", "alerted": false, "details": []}
[2025-12-10 10:29:01.844] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000
[2025-12-10 10:29:01.844] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:29:05.067] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25833 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=7d8a1f94f769b326ba5f409138206ebbc335f4091e31b8b5681df73ae91d41c8&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022904Z"}
[2025-12-10 10:29:05.067] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:29:05.067] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:29:05.067] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:29:05.067] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:29:05.067] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:29:05.067] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:29:05.405] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_IP.1727075387.jsonl|result:{"code": 1, "total_count": 96, "alert_count": 96, "abnormal_count": 96, "normal_count": 0, "timestamp": 1765333745068, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50250, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7320694010757255, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip":
"192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50294, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9143479559941067, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50235, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9904437084612971, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50302, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9184303262220646, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50272, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9634442706801813, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50240, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9567652692594767, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50312, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9632823526389884, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50295, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9290168656035379, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, 
"src_port": 50310, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9792268828636937, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50300, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5652401409280137, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50303, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9970903989857882, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50319, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9811963948800059, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50320, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.994655701435671, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50290, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9610210876729414, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50301, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9877464961120611, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50262, "dest_port": 4143, "y_pred": 1, 
"y_pred_proba_max": 0.7885083109675786, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50253, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5286931000012356, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50225, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50255, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9919427607187751, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50274, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9886531264612943, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50251, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9850493285553931, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50267, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9772307668962272, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50257, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9128268378512929, "2_count": 96, "2_sum": 96, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50280, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8492926111087645, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50281, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9670081878197971, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50249, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8569354434014516, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50276, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.945168289997379, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50231, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5629440533080406, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50286, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9155900790323991, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50287, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9618059083166087, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50292, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9783690064467849, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50313, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.985151192360472, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50234, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6165185065486278, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50269, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9802405616315973, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50237, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9862250768160064, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50227, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9742388129830866, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50273, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.7327032050575627, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50256, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.953169668838093, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50275, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9630176352700658, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50309, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9722929074760572, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50260, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9308735418657971, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50239, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.6584272718407038, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50298, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.867995316193006, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50248, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9935116060393047, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50306, "dest_port": 4143, 
"y_pred": 3, "y_pred_proba_max": 0.9483049705435055, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50308, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9749191472773266, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50311, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9963022107499532, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50268, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9660160374766978, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50233, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5900283296879201, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50246, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9850617605872317, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50314, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9887212089462564, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50318, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9367519957607916, "2_count": 96, 
"2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50277, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9886896590961135, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50299, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9761302080331501, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50226, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.9526300072242987, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50247, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5569647488225031, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50254, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9666203567068122, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50259, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6642024846775728, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50252, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9696304342654973, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50284, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5976077241093474, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50264, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9429718324770955, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50315, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9447778554031051, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50296, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9339709019631312, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50270, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.5344407136152157, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50285, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.737348016052896, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50261, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9847427622560799, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", 
"dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50288, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9659720813086614, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50317, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5733202842302004, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50229, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9754866954395122, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50271, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9764819323705491, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50266, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9682779926574817, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50307, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.572975552670283, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50282, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8293108213505053, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50242, 
"dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9451460902901075, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50241, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9961617207058336, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50258, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.975277882791354, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50316, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9369468552360414, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50230, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9776755844526774, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50265, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9878759243853074, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50283, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9894517342321967, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50236, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 
0.5377829763866936, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50238, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7491825770643566, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50305, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9911429460559499, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50244, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9291751018229152, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50232, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9670427899299335, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50243, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.7268099391225156, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50291, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9515855603979286, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50289, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9831502231162093, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50245, "dest_port": 4143, "y_pred": 1, "y_pred_proba_max": 0.6284838548227506, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50304, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.5839443681944724, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50263, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9534462009267722, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50228, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9737427412589976, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50279, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.983476664387842, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50293, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9768043043301445, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50297, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.8771636695377104, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50278, "dest_port": 4143, "y_pred": 3, "y_pred_proba_max": 0.9137520080236008, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:29:05.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 96|max_alert: 1000 [2025-12-10 10:29:05.405] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:05.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:05.405] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:29:08.292] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25489 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=51b18aa333c183f0a594e12eaf2393d0d170385de2d0713334286cf964932a9e&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022907Z&X-Amz-Expires=604800"} [2025-12-10 10:29:08.292] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:08.292] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:08.292] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:08.292] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:08.292] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:08.293] [INFO] [tid:134145839584960] 
(AiModule.cpp:158) load result:0 [2025-12-10 10:29:08.648] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_domain.1727337756.jsonl|result:{"code": 1, "total_count": 100, "alert_count": 100, "abnormal_count": 100, "normal_count": 0, "timestamp": 1765333748293, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52141, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7992264015635948, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52137, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8563181601935116, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52135, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.710134370372058, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52207, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9282716739348001, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52113, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9469145653674625, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52184, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8963155857954644, "2_count": 
100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52188, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9466246037484531, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52152, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8850068644543395, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52125, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9786473619908952, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52136, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.5943154192623313, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52157, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5493237658682708, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52122, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9436706129592828, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52129, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9146178117432336, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52165, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.6048200284239559, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52168, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.546172662180798, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52175, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9767199166725453, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52185, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.939910076716612, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52197, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8777385730992845, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52206, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9408243100713752, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52174, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9891668810637424, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52176, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9303011127977474, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52200, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9628474243911925, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52151, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5581752871437675, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52111, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9167671762401094, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52128, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8746938717482686, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52156, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.956076466929616, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52177, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7500959333425945, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52182, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9002156468462077, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52118, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9246283743604492, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52119, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9247856650023082, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52146, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9220827419000501, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52189, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7714943394637498, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52178, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.839111596344256, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52116, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6721115245497418, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52148, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8223779678119884, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52142, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9717648680062462, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52145, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7425766375752965, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52144, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9300230089826887, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52131, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6266987503615363, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52124, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9896917960330592, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52159, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5338582322011293, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 52170, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.976266705230669, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52133, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9183725746726318, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52171, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9797571072255394, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52191, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9412272351218671, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52199, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8851248770302418, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52160, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9463765860143531, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52196, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9259193503516323, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52163, "dest_port": 8990, 
"y_pred": 1, "y_pred_proba_max": 0.5498271073616211, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52190, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6978130757793901, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52201, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7350506738418443, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52120, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9230969844647448, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52187, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.5574138805327431, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52194, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9646465099697048, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52183, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9466466747022219, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52167, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 
0.9409538535229407, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52179, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.47368454080001826, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52180, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.6971534618970462, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52208, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9270882419399703, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52209, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9052930981567001, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52117, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8069681930745379, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52130, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5073187338769927, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52192, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9838864110136946, "2_count": 100, 
"2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52195, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5171150775499859, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52115, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9707258148203648, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52154, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.5639640486380836, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52139, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9286410824717212, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52193, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9574006127368515, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52110, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6312528175330426, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52121, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7920245406229192, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52112, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9688487370668326, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52164, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6625423781072952, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52140, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7473391236999901, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52158, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7873232984513144, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52172, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.908489292899985, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52186, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8458994082046406, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52204, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9375665356140841, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52161, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7747772638103901, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52202, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8864011353851811, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52138, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9814572761907557, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52132, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5746648057040702, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52205, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8800923362193929, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52153, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9513933962859774, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52114, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8093034536107697, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52166, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8051457229877027, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52123, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.982757212381813, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52126, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.7885549056902029, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52169, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.7741596421093909, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52198, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9695820683142766, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52203, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8355270894244378, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52147, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9423285122768676, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52162, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6730149474675262, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52181, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.532041191001607, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52155, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8463553470491237, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52143, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.5103466082590444, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52150, "dest_port": 8990, "y_pred": 3, "y_pred_proba_max": 0.8251256616714179, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52173, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.5699437933895314, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52127, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.6143906067842008, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 52149, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.8206815676643691, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52134, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9184975773210156, "2_count": 100, "2_sum": 100, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:29:08.648] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 100|max_alert: 1000 [2025-12-10 10:29:08.648] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:08.648] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:08.648] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:29:11.513] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24707 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl?X-Amz-Signature=d21826342fc4aa240d93d17d64282a5b0411f137643a4bc448f846c1ebf88148&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022911Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:29:11.513] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:11.513] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:11.513] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:11.513] [INFO] [tid:134145839584960] 
(AiModule.cpp:140) get function load [2025-12-10 10:29:11.513] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:11.513] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:11.975] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_IP.1727398358.jsonl|result:{"code": 1, "total_count": 92, "alert_count": 92, "abnormal_count": 92, "normal_count": 0, "timestamp": 1765333751514, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49893, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7219083371931175, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49855, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9605670351533792, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49858, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6499172053532136, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49878, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8068388519603652, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49851, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6318024672742749, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49881, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8074165418949916, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49889, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6920476900715941, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49874, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9783856303093864, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49849, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6243851057182942, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49904, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9124182815014376, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49827, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7867954580912583, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9427937610330535, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49844, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8774659640525907, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49901, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8635968073685155, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49869, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.852981951747037, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49861, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7569788650651758, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49871, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.851535193854736, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49876, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6530456324096936, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49883, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8727246008529581, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49830, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8832869812088577, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49888, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9293666937681686, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49900, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8937462092959588, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49912, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9180996457736041, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49853, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5443740487170939, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49840, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8504678535033428, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49828, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7437240848798812, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49848, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.7093220585625833, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49884, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9630699372037945, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49882, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6200615195285073, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49894, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6032604965646904, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49880, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8033783900960704, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49902, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.95166616327142, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49821, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.436322727590321, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49909, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6124800307296783, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49873, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.49851250452408247, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49824, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9182494196749937, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49822, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9678144113460768, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49906, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8962899420334062, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49835, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6822091358877382, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49870, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7267318806896884, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49891, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7300162866050978, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49850, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6607948361748729, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49823, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8720777492250344, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49879, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.515272450181456, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49854, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8314626296598142, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49892, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5579828481044155, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49898, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8268343490583236, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49864, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.959529866949088, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49862, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8974545475325156, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49890, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6716081993391795, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49831, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9142546505444914, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49868, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8660062030673948, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49837, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9404465573508798, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49895, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8949556705014371, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49896, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7953724916373498, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49847, 
"dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.673855818998148, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49842, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8363114200304143, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49852, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5730074938906288, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49826, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6595879366639672, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49866, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9334034406641464, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49905, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.558466589319465, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49829, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7756123368669774, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49867, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.5381488938441703, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49825, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9031253882751805, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49832, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7940131997863517, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49875, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5268917107247628, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49860, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.840133173502189, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49907, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7678200061531537, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49903, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6435879475990721, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49857, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9509315478026236, "2_count": 92, "2_sum": 92, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49845, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6352806961423553, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49836, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6625147101061587, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49872, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8326496785314252, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49865, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8648520969807312, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49910, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8579855844570402, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49839, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8420466204977842, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49886, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5777176046860213, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49841, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8196219061569351, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49899, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8674129676888247, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49856, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.910691955743757, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49843, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9273711985893746, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49885, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.820365122634426, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49833, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6399138522117351, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49897, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5797851425231919, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49859, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5265057964892825, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49838, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9597281911132077, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49834, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9261016400473958, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49913, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6058104145313088, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49877, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6997603392307076, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49887, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8444824858458608, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49863, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9664204433643117, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 
49846, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5193956247891588, "2_count": 92, "2_sum": 92, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:29:11.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 92|max_alert: 1000
[2025-12-10 10:29:11.975] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:29:11.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:11.975] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:29:14.760] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25490 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022914Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=b802bd8c7b3a2aa17c239c6edb848ce8dbbefd1974b7b1cb1ab426c6f0d90e07&X-Amz-SignedHeaders=host"}
[2025-12-10 10:29:14.760] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:29:14.760] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:29:14.760] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:29:14.760] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:29:14.760] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:29:14.761] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:29:15.405] [DEBUG] [tid:134145839584960]
(AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID35-tls1.2CS4.8_windowsserver2008_kali_jdk_domain.1727228273.jsonl|result:{"code": 1, "total_count": 184, "alert_count": 184, "abnormal_count": 184, "normal_count": 0, "timestamp": 1765333754761, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49171, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9036775644763501, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49283, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9912113345091026, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49168, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.781315655366253, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49173, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7794742360397849, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49259, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7156993776938108, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49163, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9627407074253814, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49205, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9723429172454786, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49208, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9987299237502186, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49216, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5576112589467513, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49292, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.957253514859184, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49245, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7360587104230578, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49341, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6711097955292692, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49200, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6404661592443197, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49217, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8661740526532142, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49315, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9428599858976464, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49215, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8970206050352545, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49207, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9866518536981347, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49218, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8887710468089111, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49247, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5565646215495013, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49243, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7967497122450772, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49177, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8198474389707736, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49264, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8754835936153706, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49196, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8515432049926769, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49294, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9188803945204663, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49284, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9650550094311113, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49299, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9440669798766085, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49212, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9865806649237132, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49301, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7918797865388021, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49255, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5439471585213654, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49220, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9720165770690631, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49271, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6056612005644393, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49309, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.947300168382834, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49197, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6257930564673225, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49313, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.79137488150312, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49324, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9560591377964437, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49237, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9976982512770951, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49332, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6896610510905407, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49290, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6090624899155326, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49329, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6648016830313859, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49234, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5546714584129069, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49296, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5293839695735326, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", 
"dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49300, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7535252300512015, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49311, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9591934005365429, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49235, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5862204358738493, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49279, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7046632371792493, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49335, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5746152424557479, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49318, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7683917968687011, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49199, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8708762004632982, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49187, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9991696735818225, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49330, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5760617446672244, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49189, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6704914626392562, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49186, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7020690251701515, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49316, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9456675606191549, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49170, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6983777220046489, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49178, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6771831112316992, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", 
"protocol": 6, "src_port": 49225, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9540416381511261, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49162, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9793434577408894, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49194, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6815273572290471, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49192, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.776271931397361, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49249, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9812290770781041, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49248, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9269004865779975, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49203, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.675426179227328, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, 
"src_port": 49285, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6625446913871705, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49287, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6797435489049862, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49214, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5229356293541297, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49289, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6422731049411385, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49293, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9163000181350263, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49308, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6920149390603046, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49174, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5307337739960409, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49312, 
"dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9391968450200597, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49336, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7037248890620477, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49181, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7556896616318012, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49286, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8409589763250297, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49262, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7012319472281362, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49257, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9311119332187614, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49228, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9295630582672966, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49322, "dest_port": 
51129, "y_pred": 3, "y_pred_proba_max": 0.975618757580178, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49288, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7899345796334684, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49321, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9757004575733857, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49327, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8095211256434334, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49323, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6536910355132741, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49227, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9352170269026812, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49224, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9500948556317464, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49274, "dest_port": 51129, "y_pred": 1, 
"y_pred_proba_max": 0.7896164057466658, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49295, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9204216599657362, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49261, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6761807100951438, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49337, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7182936054369473, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49182, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.609915037944741, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49253, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5993830570444911, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49278, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6002940353645803, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49169, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 
0.8393098721901737, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49211, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8252456489064133, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49166, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9173394690609071, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49269, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8804425451866921, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49267, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7797935783966006, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49226, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6219816237727015, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49297, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9651507165790781, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49263, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 
0.9219107999925186, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49209, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.749804018938855, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49210, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8503397167372608, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49240, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999717562079124, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49310, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.886008363551979, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49328, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8762688253688522, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49342, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7017534522636766, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49238, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9514400149087391, 
"2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49246, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8481369577729319, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49190, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6681120533328117, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49202, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.952812539485268, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49236, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7788970181203663, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49244, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9050284085930969, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49307, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9685151116997144, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49319, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8012042869675653, "2_count": 184, 
"2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49277, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9619171951447366, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49201, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8700626674775306, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49231, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9054243804966579, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49250, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8206109232482813, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49331, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7760983186115421, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49333, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6480148826431614, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49338, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8117842125805261, "2_count": 184, "2_sum": 184, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49232, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9251604412578454, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49219, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9715603901471023, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49298, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9524346449004636, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49326, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7359177254850139, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49204, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.872413217346259, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49164, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8128356571279334, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49268, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9797243215332611, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49241, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9975461688238867, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49258, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7549844408325019, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49276, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7284152839353538, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49306, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9226390036590016, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49282, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8795732298064506, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49180, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9388282249369555, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49334, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8133006223635865, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49291, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6611169018412665, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49165, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8394237974606074, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49230, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9426230672497405, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49251, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.594953645932237, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49179, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.8664756844436504, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49233, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9773696513436474, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49270, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9103328482318677, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49317, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8495661586941259, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49229, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.995248917989658, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49325, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.7853497899067285, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49172, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5644370704341645, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49252, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.673033084835841, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49304, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9201257950779532, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49320, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7836376290762277, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49223, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9777387893387068, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49191, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.70713223924829, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49184, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.999831430703893, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49188, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9990365320615877, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49175, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9647139605823071, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49221, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6694690673124158, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49275, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9663870738633014, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49193, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9065707770298514, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49213, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9097916849017884, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49161, "dest_port": 51129, "y_pred": 2, "y_pred_proba_max": 0.7683776990714972, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49280, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.6978219958260657, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49281, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5135672782397152, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49273, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9516037753213813, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49303, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7883851506547559, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49206, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9677342644366878, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49239, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.997530105885503, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49260, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9292089582790488, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49314, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9199507839544299, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49340, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.6097706102924892, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49183, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9992367437755522, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49265, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9606687561026244, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49339, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7065275258994312, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49266, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.868238254489992, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49343, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9302961471434333, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49176, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.7187429521863731, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49185, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.9644225864167885, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49272, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.5250640923352601, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49302, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8610120312357731, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", 
"dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49305, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8976597257520773, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49195, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9123586151413057, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49242, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8850067164792175, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49198, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.5208323091838872, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49222, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8181737787129972, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49256, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8109348672636414, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49344, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8745982822099253, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49254, "dest_port": 51129, "y_pred": 1, "y_pred_proba_max": 0.8613288068910904, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49167, "dest_port": 51129, "y_pred": 3, "y_pred_proba_max": 0.9728084570498172, "2_count": 184, "2_sum": 184, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:29:15.406] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 184|max_alert: 1000 [2025-12-10 10:29:15.406] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:15.406] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:15.406] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:29:17.982] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25834 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022917Z&X-Amz-SignedHeaders=host&X-Amz-Signature=fa326833e7691270e4e797a4dd1eaf85c91c84ea8c9efb02fee834d5806db2f5&X-Amz-Expires=604800"} [2025-12-10 10:29:17.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:17.982] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:17.982] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 
10:29:17.982] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:17.982] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:17.982] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:18.388] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_IP.1727339480.jsonl|result:{"code": 1, "total_count": 84, "alert_count": 84, "abnormal_count": 84, "normal_count": 0, "timestamp": 1765333757983, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53976, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7097137174613701, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53986, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9568620444379906, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53929, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.652439166160231, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53949, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.989469830627991, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53934, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7879349292726511, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53948, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8827720254160503, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53956, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7799041915303908, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53935, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8537678923010523, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53951, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7268548223875532, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53989, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7778278119477656, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53946, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9794970358873141, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53995, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8315195424140174, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53983, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7773923430391433, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53938, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7393767752708775, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53980, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.715272132326064, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53971, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.877110450202344, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53978, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8569222880930275, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54001, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8575308296606916, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54000, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5081042849542182, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 54003, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9504484891099336, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53960, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8294881604422543, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53945, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9811484239039856, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53991, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7937306371361653, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54002, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6605176021556671, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53955, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9312194549216598, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53930, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8398226998198514, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53972, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.6750930682615004, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53924, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9120598333126073, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53982, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9784867253887355, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53975, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6791126235656763, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53996, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6507002654014227, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53937, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5758942199783782, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53979, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8265133081996126, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53988, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8150723359080869, "2_count": 84, 
"2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53921, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.836403762589436, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53931, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6023748649266634, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53940, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.944187633377688, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53997, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7161435090641636, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53926, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9393568809654613, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53957, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9282637960364166, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53922, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7873625267327947, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53936, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8003600426497569, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53999, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9303419859775965, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53932, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8014071676432983, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53944, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5712718244014525, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53925, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9692691717666108, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53942, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7592233665391579, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53923, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9139105694723427, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53927, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6548331463298686, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53941, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7667269709313624, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53964, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.93116083793422, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53994, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7738970699939143, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53962, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.94939978459922, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53958, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9769553335486666, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53963, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9120270192572084, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 53987, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.975471828107136, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53933, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7122968349073746, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53953, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.866226138620796, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53928, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7481115504048469, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53939, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6139006230064715, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53950, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7767389921777231, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53966, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5189199668864457, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53993, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.7513086962099772, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53954, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6750915273210129, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53959, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9337551960913452, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53973, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7084784514591502, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53981, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9331319021656421, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53947, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9525376354251084, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53943, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8802265091836545, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53974, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6424747288244927, "2_count": 84, 
"2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53985, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5911767064034527, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53990, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8854714432145646, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53977, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7820243279968885, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53970, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8253856985183537, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53969, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9801742164926764, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53992, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9292137089030135, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53967, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8434302602181997, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53952, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.770638377172429, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53968, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9098845375507889, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53961, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.929255763305386, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53965, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5858334132124475, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54004, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8353477945202226, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53984, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8374826208689425, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53998, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7410932784645787, "2_count": 84, "2_sum": 84, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 
10:29:18.388] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 84|max_alert: 1000 [2025-12-10 10:29:18.388] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:18.388] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:18.388] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:29:21.085] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24708 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=c984360f75c115f8d94e6ce72f5da15bac509cabb3fedf22d9c9081094f58d5b&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022920Z"} [2025-12-10 10:29:21.085] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:21.085] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:21.085] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:21.085] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:21.085] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:21.086] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:21.304] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_Domain_http.1726054979.jsonl|result:{"code": 1, "total_count": 31, "alert_count": 31, "abnormal_count": 31, "normal_count": 0, 
"timestamp": 1765333761086, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53105, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53104, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53094, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53096, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53076, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53087, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53085, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53101, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53074, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53088, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53093, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53090, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53103, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53106, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", 
"dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53083, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53084, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53086, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53078, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53097, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53098, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53095, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53082, 
"dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53075, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53073, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53089, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53102, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53091, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53100, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53099, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53077, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 53092, "dest_port": 8889, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:29:21.304] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 31|max_alert: 1000 [2025-12-10 10:29:21.304] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:21.304] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:21.304] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:29:24.208] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25835 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=d98a2bb6089f4e2f88978aacbb8c03e1d7b9b3873408a7d2858f3c855c532217&X-Amz-Date=20251210T022923Z"} [2025-12-10 10:29:24.208] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:24.208] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:24.208] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:24.208] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:24.208] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:24.209] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:24.682] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID35-httpCS4.8_windowsserver2008_kali_jdk_domain.1727228426.jsonl|result:{"code": 1, "total_count": 324, "alert_count": 324, "abnormal_count": 324, "normal_count": 0, "timestamp": 1765333764209, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49714, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": 
"192.168.112.140", "protocol": 6, "src_port": 49742, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49522, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49618, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49458, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49748, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49590, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49557, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", 
"protocol": 6, "src_port": 49490, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49466, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49562, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49584, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49701, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49653, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49680, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, 
"src_port": 49539, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49518, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49556, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49696, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49687, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49629, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49731, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49669, 
"dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49744, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49721, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49647, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49661, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49499, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49712, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49464, "dest_port": 
51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49761, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49558, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49764, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49656, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49745, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49607, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49524, "dest_port": 51139, "y_pred": 
1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49579, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49650, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49537, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49471, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49535, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49509, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49575, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49707, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49593, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49655, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49747, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49749, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49500, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49533, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49513, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49551, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49568, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49715, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49595, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49576, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49735, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49615, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49755, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49480, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49708, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49700, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49663, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49532, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49766, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49737, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49534, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49577, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49717, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49628, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49704, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49706, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49538, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49738, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49646, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49564, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49762, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49716, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49668, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49622, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49666, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49604, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49473, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49504, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49723, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49495, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49643, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49491, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49719, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49474, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49763, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49501, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49664, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49677, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49597, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49467, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49644, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49751, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49493, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49697, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49694, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49591, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49543, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49566, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49705, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49695, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49514, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49681, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49531, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49481, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49623, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49482, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49752, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49728, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49470, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49560, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49581, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49699, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49753, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49457, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49519, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49736, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49739, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49729, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49771, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49609, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49574, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49456, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49772, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49673, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49767, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49693, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49592, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49476, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49583, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49620, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49665, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49691, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49634, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49494, "dest_port": 51139, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.112.142", "dest_ip": "192.168.112.140", "protocol": 6, "src_port": 49507, "dest_port": 51139, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 324, "2_sum": 324, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:29:24.682] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 324|max_alert: 1000 [2025-12-10 10:29:24.682] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:24.682] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:24.682] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:29:27.416] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24709 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl?X-Amz-Expires=604800&X-Amz-Signature=79f7fe689751c041860df006accd3e29c357688bd23c9d5ded3e9d9fcfe71099&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022926Z"} [2025-12-10 10:29:27.416] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:27.416] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:27.416] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:27.416] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:27.416] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:27.416] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:27.740] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_Domain.1730306354.jsonl|result:{"code": 0, "total_count": 42, "alert_count": 0, "abnormal_count": 0, "normal_count": 42, "timestamp": 1765333767416, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:29:27.740] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:29:27.740] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:30.637] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25491 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl?X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=bc2149a631a504a6330e4b3bbb30c13d3beb77c46d3eae5a79a283b82ff3469f&X-Amz-Date=20251210T022930Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:29:30.637] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:30.637] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:30.637] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:30.637] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:30.637] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:30.637] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:31.009] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_Domain.1730306699.jsonl|result:{"code": 1, "total_count": 45, "alert_count": 45, "abnormal_count": 45, "normal_count": 0, "timestamp": 1765333770637, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51480, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.6534496807577612, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51506, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9507442374854301, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51491, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7812837432031107, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51477, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9406692299610012, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51469, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8815730488825807, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51483, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9282103532133709, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": 
"172.20.3.233", "protocol": 6, "src_port": 51456, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.8480149505661796, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51464, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.710700964942956, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51465, "dest_port": 8888, "y_pred": 3, "y_pred_proba_max": 0.7158868587585212, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51475, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7233343602447118, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51501, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9790326353242975, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51518, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9413632233473177, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51495, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.7651206821411612, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51498, "dest_port": 8888, 
"y_pred": 1, "y_pred_proba_max": 0.7898729745933586, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51497, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.979939403633986, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51471, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9573222054813282, "2_count": 45, "2_sum": 45, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:29:31.009] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 45|max_alert: 1000 [2025-12-10 10:29:31.009] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:31.009] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:31.009] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:29:33.839] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25836 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=71cb628ab5a0a5f666fc7e589bb813fe56112f47fff7770772c1f230a85c50b8&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T022933Z"} [2025-12-10 10:29:33.839] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:33.839] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:33.839] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:33.839] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:33.839] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:33.840] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:34.226] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID1-1-tls1.2CS4.8_win11_kali_jdk_IP.1730650871.jsonl|result:{"code": 1, "total_count": 49, "alert_count": 49, "abnormal_count": 49, "normal_count": 0, "timestamp": 1765333773840, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50431, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7409351698886841, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50531, 
"dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7528241490339651, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50455, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9332500284511566, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50509, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.55852958267165, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50520, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.666514705700526, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50539, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9535405668333639, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50542, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6367978709846803, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50546, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9285078732078361, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50547, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9618936090685591, 
"2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50552, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9049283312099418, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50556, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.912426256580924, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50563, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.848304790876697, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50566, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.5096535393395003, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50506, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9706781995684648, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50510, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.5752123023136946, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50522, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7818604975645257, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50540, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7619668805752586, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50550, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.839254277632684, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50551, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9767589661446414, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50513, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8467097601065157, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50541, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.7367312462347306, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50565, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6764603381720179, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50537, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9418821527347296, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", 
"dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50534, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7564222589794545, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50436, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7876183685075463, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50469, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7854640899653569, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50519, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.5720546880042181, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50524, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9808044393978423, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50543, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8505209376793788, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50512, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8231076811888173, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50533, "dest_port": 
7777, "y_pred": 1, "y_pred_proba_max": 0.8250831941115909, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50554, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8343387916460934, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50562, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7798562185669838, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50548, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6375912381305254, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50558, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8567067081180528, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50545, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7626007994770011, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50529, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9110134710018434, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50507, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7485935589744371, "2_count": 49, 
"2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50560, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8319415626042109, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50557, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.948811607816602, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50527, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9440463126317352, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50515, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9735751981977914, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50516, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8762727479954106, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50521, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.5515501702260989, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50430, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7426793469736765, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50439, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9110289525670797, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50525, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.88430090115156, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50487, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9829910923684625, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50488, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6972829426835475, "2_count": 49, "2_sum": 49, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:29:34.226] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 49|max_alert: 1000 [2025-12-10 10:29:34.226] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:34.226] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:34.226] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:29:37.046] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25492 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=54f6fb025c98fa217d2e429e1900eee3899635efa5d768d34676afcf55214df1&X-Amz-Date=20251210T022936Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:29:37.046] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:37.046] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:37.046] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:37.046] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:37.046] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:37.047] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:37.363] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID1-1-tls1.3CS4.8_win11_kali_jdk_IP.1730649414.jsonl|result:{"code": 1, "total_count": 44, "alert_count": 44, "abnormal_count": 44, "normal_count": 0, "timestamp": 1765333777047, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 49983, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9522840919648836, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50008, 
"dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.770564314329767, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50019, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7704305984068052, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50028, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7706116842000286, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50030, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7278209235881679, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50085, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7698481031909958, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50056, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.948474199455215, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50087, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8335433408314439, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50111, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6695116275583143, 
"2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50040, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9035923836708338, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50043, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.5384406514342021, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50017, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7972603773783307, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50038, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.605751260320874, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50009, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9534323373097663, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50079, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8696736020600491, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50007, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7141543730055839, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50020, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.7752996434974021, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50006, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9401227544538059, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50021, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9425552515379603, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50095, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.6861094247332293, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50016, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.9274958781245288, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50115, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7635344170372543, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50123, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.541367028115992, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", 
"dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50000, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9402231242934551, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50116, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6443976682581195, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50091, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8792590217721241, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50027, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9166414781156934, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 49982, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8342900192395903, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50023, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.902835158209859, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50050, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.892682901913958, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50031, "dest_port": 
7777, "y_pred": 1, "y_pred_proba_max": 0.8273850464913237, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50122, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.7474180921125376, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50022, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.810364073278541, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50037, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.92229473077408, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50035, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8076493392613169, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50051, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8311161550611524, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50005, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9564944821122344, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50001, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8679707103635019, "2_count": 44, 
"2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50011, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.5881055050157987, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50029, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.7404379825050628, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50099, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8585322442538292, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50018, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.8451425727689915, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50010, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8674442948212914, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50047, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.703407831812099, "2_count": 44, "2_sum": 44, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:29:37.363] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 44|max_alert: 1000 [2025-12-10 10:29:37.363] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:29:37.363] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:37.363] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:29:40.264] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24710 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=73d51caeb45127770de3b483f6c030df24cc6a699c1e8b1fa80f795a125109e7&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022939Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-10 10:29:40.264] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:29:40.264] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:29:40.264] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:29:40.264] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:29:40.264] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:29:40.265] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:29:40.575] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID1-4-tls1.2CS4.8_win11_kali_jdk_Domain.1730650467.jsonl|result:{"code": 1, "total_count": 47, "alert_count": 47, "abnormal_count": 47, "normal_count": 0, "timestamp": 1765333780266, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50346, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9570639350386434, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50330, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8389904620093418, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50357, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8723181106892521, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50318, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8718724222397368, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50355, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8352341318578734, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50353, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9221018642168902, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50312, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7373827337295659, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50322, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9403448655359128, "2_count": 
47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50301, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5492209412043578, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50304, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9227577018654767, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50315, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7293206194479023, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50298, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9715451836946997, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50323, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8858233234561498, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50345, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8863718763573442, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50354, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7881202570821161, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50348, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7995865193304741, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50300, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8316042020919898, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50349, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9457553303155715, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50334, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.953518686199493, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50309, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9367704288302448, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50337, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.833707026146507, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50347, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5074750917461794, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", 
"protocol": 6, "src_port": 50284, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8410946709775775, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50369, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.878796321075814, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50371, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8298544734362666, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50338, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7583126904088858, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50303, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9284280309327152, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50332, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7432704194372974, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50356, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9760609489965495, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50370, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.9428792089114146, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50326, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7094645064505605, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50299, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9181457379525828, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50335, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9418827962313508, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50314, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5449089326846577, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50317, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9188967509014137, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50295, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7564601731928327, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50285, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8594071615987103, "2_count": 47, "2_sum": 47, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50308, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8725547918450054, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50311, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9429740203174176, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50296, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.95494657932494, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50336, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9139037144736866, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50367, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8703433436610518, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50324, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9288487105339074, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50360, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8517623081967094, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50290, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6171746379846506, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50340, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9746446553276052, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.5.122", "protocol": 6, "src_port": 50327, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8730106199399839, "2_count": 47, "2_sum": 47, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:29:40.575] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 47|max_alert: 1000
[2025-12-10 10:29:40.575] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:29:40.575] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:40.575] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:29:43.472] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25493 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl?X-Amz-Date=20251210T022942Z&X-Amz-Expires=604800&X-Amz-Signature=877c1ef2e49065b716afa281a31f9064b6f4f61b23a9fb4ab405f44c79da9d36&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"}
[2025-12-10 10:29:43.473] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:29:43.473] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:29:43.473] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:29:43.473] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:29:43.473] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:29:43.473] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:29:43.857] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID43-tls1.2CS4.8_windowsserver2016_ubuntu_jdk_domain.1727400446.jsonl|result:{"code": 1, "total_count": 72, "alert_count": 72, "abnormal_count": 72, "normal_count": 0, "timestamp": 1765333783473, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50190, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.5332467764885833, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50148, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.933889813975273, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50189, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7788473533532436, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50193, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9275622195428737, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50197, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9889738465345559, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50160, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.689497318382247, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50169, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9782850911170348, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50199, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9766541355973589, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50168, 
"dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.982263689933675, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50187, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7104541989429064, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50146, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.5330434019802295, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50171, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.965171183861655, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50177, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9771752387145426, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50200, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9549029612191111, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50147, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8933595596506126, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50175, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 
0.6690266656466186, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50165, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8941148885458237, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50183, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9497413198116241, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50185, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.979895768858013, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50141, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7215970563815516, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50167, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8490728609778261, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50170, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9100832608153238, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50163, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.5265923354323898, "2_count": 72, "2_sum": 72, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50176, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.987694368190706, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50186, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.933881307867239, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50152, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8827416447453953, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50153, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9730641797516051, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50191, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8849023979429933, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50195, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9731152505452543, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50202, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9444428003931248, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50161, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.5986787170624236, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50206, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7737243521229905, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50164, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.5813378438540796, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50174, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8119943216134878, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50181, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7524764170790574, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50182, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9460782730349658, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50149, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9762438179222322, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
[2025-12-10 10:29:43.857] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 72|max_alert: 1000
[2025-12-10 10:29:43.857] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:29:43.857] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:43.857] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:29:46.684] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24711 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl?X-Amz-Expires=604800&X-Amz-Signature=01817e25056bf29ab1d15b07cbe58f7c6726c59786d16356197d645ef660203a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022946Z"}
[2025-12-10 10:29:46.684] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:29:46.684] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:29:46.684] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:29:46.684] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:29:46.684] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:29:46.685] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:29:47.093] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_domain.1727333188.jsonl|result:{"code": 1, "total_count": 71, "alert_count": 71, "abnormal_count": 71, "normal_count": 0, "timestamp": 1765333786685, "module": "anquanchu", "proto": "other", "alerted": true, "details": [...]}
[2025-12-10 10:29:47.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 71|max_alert: 1000
[2025-12-10 10:29:47.093] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:29:47.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:47.093] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:29:49.787] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25494 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=1706fe74571f8fb773017db14269f7dcf7a4d5475fc77e55f2b3d9ec03f0ab88&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022949Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-10 10:29:49.787] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:29:49.787] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:29:49.787] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:29:49.787] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:29:49.787] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:29:49.788] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:29:50.052] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID11-httpCS4.8_win8.1_ubuntu_jdk_domain.1726068805.jsonl|result:{"code": 1, "total_count": 25, "alert_count": 25, "abnormal_count": 25, "normal_count": 0, "timestamp": 1765333789788, "module": "anquanchu", "proto": "other", "alerted": true, "details": [...]}
[2025-12-10 10:29:50.052] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 25|max_alert: 1000
[2025-12-10 10:29:50.052] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:29:50.052] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:50.052] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:29:52.982] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25837 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T022952Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=aab0b6e46e565b574ec489cf291f24a1584a67f091d730e3bc20d3b3d8a17db4"} [2025-12-10 10:29:52.982] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:52.982] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:52.982] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:52.982] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:52.982] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:52.983] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:53.286] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID2-4-tls1.3CS4.8_win11_kali_openjdk_IP.1730305580.jsonl|result:{"code": 0, "total_count": 39, "alert_count": 0, "abnormal_count": 0, "normal_count": 39, "timestamp": 1765333792983, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:29:53.286] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:29:53.286] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:56.153] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> 
topic:analyzed_queue_gbm partition:[1] at offset 24712 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl?X-Amz-Date=20251210T022955Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=cde7d31b46cce2f3426868d107b2e9354faf469a3bffe96953e59cc7f38b023c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:29:56.153] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:56.153] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:56.153] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:56.153] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:56.153] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:56.153] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:29:56.507] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_IP.1727154295.jsonl|result:{"code": 1, "total_count": 68, "alert_count": 68, "abnormal_count": 68, "normal_count": 0, "timestamp": 1765333796154, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50092, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9451515752873013, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50050, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9986159389900082, "2_count": 68, "2_sum": 68, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50090, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.915679843246884, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50039, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6313540024330998, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50037, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50052, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9688036894685641, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50049, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9193453040303777, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50084, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7067229318053266, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50075, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9408354855712204, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50093, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8628554551251637, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50095, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9321599343219462, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50097, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.961587274362697, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50098, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.765666056912715, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50048, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9562646498804207, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50056, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9495167332439841, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50091, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9708651741431864, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 50089, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9970658455771895, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50042, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9813134337910734, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50047, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9592047131554816, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50083, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8255198620346854, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50072, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9101845270546904, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50040, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9706352411166825, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50104, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9980946984310067, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50054, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.9686263246315177, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50062, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9707376487545912, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50065, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.964503425552369, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50085, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9278062426408744, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50079, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9621837616439113, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50051, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9036532762925971, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50103, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9014471983600338, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50086, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9454239873600364, "2_count": 68, "2_sum": 68, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50058, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7996622346697402, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50102, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7194932458716657, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50094, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.958585219862154, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50068, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8670655557138458, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50046, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9934761879320912, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50077, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9485385495149261, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50073, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7789361591320664, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50057, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6895157668877497, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50060, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9225836460156668, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50100, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7928048530566822, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50055, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8794568850846123, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50082, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9744027187849323, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50044, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8116589287260333, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50059, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9451335640893533, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 50043, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9518385673271276, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50101, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5365840650974703, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50066, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6686994279670726, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50080, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8539824265540789, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50087, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9454109013177424, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50074, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9141119435787239, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50069, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9263542060588672, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50041, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.7129343161261477, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50099, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8077615400432819, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50063, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7524609017499579, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50070, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9962990618804092, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50076, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7177358666081637, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50064, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.920209059449094, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50096, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8903550322275481, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50038, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9677449374066276, "2_count": 68, "2_sum": 68, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50071, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9679657854585794, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50053, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5437788374170198, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50061, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9181476333236057, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50081, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9637352341093589, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50078, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8566228375120293, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50088, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.91719749719828, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50067, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6385632740262296, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50045, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8839649115616273, "2_count": 68, "2_sum": 68, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:29:56.507] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 68|max_alert: 1000 [2025-12-10 10:29:56.507] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:29:56.507] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:29:56.507] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:29:59.338] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25495 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl?X-Amz-Signature=f110e57e3c679a634b8f66113c9bdff182255d1ba5e96cc6776a66226f325458&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T022958Z&X-Amz-Expires=604800"} [2025-12-10 10:29:59.338] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:29:59.338] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:29:59.339] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:29:59.339] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:29:59.339] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:29:59.341] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 
[2025-12-10 10:29:59.698] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID13-tls1.2CS4.8_win8_kali_jdk_IP.1727155835.jsonl|result:{"code": 1, "total_count": 65, "alert_count": 65, "abnormal_count": 65, "normal_count": 0, "timestamp": 1765333799341, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50186, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9980325459788237, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50180, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9695585825048506, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50194, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9730338788223877, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50234, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9187268641675644, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50220, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8501888374113484, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50232, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.610663789755218, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50183, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9701315590496297, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50190, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9307815464609354, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50224, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8677773572723557, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50206, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9729443046478322, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50189, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9788980811257662, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50238, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.951635162803181, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50211, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.919372293484162, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50202, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.5661474999394581, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50181, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9318803763641275, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50229, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9190232985373901, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50217, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.92285419618966, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50173, "dest_port": 8001, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50184, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9047838349342793, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50208, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9243540659234875, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50207, "dest_port": 6443, 
"y_pred": 3, "y_pred_proba_max": 0.9835365791466364, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50218, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9675906759097409, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50185, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9358410169127646, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50225, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.962058109290631, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50209, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9204172094936999, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50200, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.924785880937046, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50228, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9668893355122543, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50192, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.7706255713833702, "2_count": 65, 
"2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50204, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9385700169454037, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50216, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9126614016023608, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50187, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9198561921498767, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50201, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8864871343721881, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50188, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9803912339333318, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50195, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9401913312281446, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50205, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9583940864575231, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50210, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9308166427770547, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50221, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9416925335484335, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50226, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9111393035190335, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50177, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.980878741079023, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50237, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9686593038033358, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50227, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9675066245626636, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50199, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.559842093894164, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", 
"dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50175, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9988818029381639, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50196, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8791195650189084, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50239, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9923269924541407, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50241, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.5928335152443728, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50219, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9223060093640993, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50223, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9037859370131847, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50198, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9589185063014187, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50179, 
"dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.7658867928449715, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50212, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9278492942768202, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50178, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.9322774135776505, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50236, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.9989419130010209, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50240, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9812458766039883, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50235, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9351102835046282, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50231, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9719873437459042, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50222, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 
0.8532746399782163, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50230, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9839683060264746, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50197, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9318025321808883, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50182, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.6259837725652747, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50213, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9931490362523215, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50215, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9297063237343295, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50191, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9873054591409861, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50193, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.5316720349045349, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50203, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.55048140342522, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:29:59.699] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 65|max_alert: 1000
[2025-12-10 10:29:59.699] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:29:59.699] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:29:59.699] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:30:02.541] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25496 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T023002Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=e86006c0f85ae27e5a8238ad9670fe78b1af2ad7ffd629f5a31fc3d89f1ccfaf&X-Amz-SignedHeaders=host"}
[2025-12-10 10:30:02.541] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:30:02.541] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:30:02.541] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:30:02.541] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:30:02.541] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function 
load
[2025-12-10 10:30:02.541] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:30:02.977] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID42-tls1.2CS4.8_windowsserver2016_kali_openjdk_domain.1727340269.jsonl|result:{"code": 1, "total_count": 63, "alert_count": 63, "abnormal_count": 63, "normal_count": 0, "timestamp": 1765333802542, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54283, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9564530715027103, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54286, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9389873543601166, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54302, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9543878307208462, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54264, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9361259429647771, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54292, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9689863075486125, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54311, "dest_port": 8070, "y_pred": 
1, "y_pred_proba_max": 0.957076840507715, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54279, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9732540080090185, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54299, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9363726723925413, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54269, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8240868973568249, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54288, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7385175461446585, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54306, "dest_port": 8070, "y_pred": 3, "y_pred_proba_max": 0.5390819996892412, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54318, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8511905154691065, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54321, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9741225312246382, "2_count": 
63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54287, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8182789170784794, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54268, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9435342518601219, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54285, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9459871906497522, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54294, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8983259722666408, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54305, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9573628319992948, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54291, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9437685528559473, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54277, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9833963368271451, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54310, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8325211588977817, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54322, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7586277883548395, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54324, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7631510373623915, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54315, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9336194415518306, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54271, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7245994859697605, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54297, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8750928848375036, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54300, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9710544182611289, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54275, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9139799819919529, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54263, "dest_port": 8070, "y_pred": 2, "y_pred_proba_max": 0.7202727441518959, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54307, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.6409481102037257, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54272, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7852385620391517, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54290, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7055287745161242, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54298, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9439788706474223, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54284, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8873301538793522, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 54301, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9131090963416657, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54282, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8771662321741778, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54309, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9051632637352127, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54303, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8463411466267733, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54313, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.5228520959371148, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54304, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9779489085952777, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54319, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7117296062436028, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54280, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9297159973623893, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54281, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9354179763406326, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54295, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.981550195144498, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54317, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9167854135592587, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54312, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8888058110583327, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54325, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.6562563188800247, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54278, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7993918359854975, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54270, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.6541422740155358, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54323, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9342338846770956, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54273, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9796930506905254, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54296, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9832712991088768, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54316, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9292401056885424, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54289, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8271871949857662, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54293, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9746748631886025, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54308, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9402758127494969, "2_count": 63, "2_sum": 63, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54320, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8740108981174052, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54266, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8150896088385378, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54274, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7961027793299416, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54265, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7849349509968822, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54267, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.947009351035173, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54276, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.8603405530654629, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54314, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.7181061126883375, "2_count": 63, "2_sum": 63, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:30:02.977] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 63|max_alert: 1000
[2025-12-10 10:30:02.977] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:30:02.977] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:30:02.977] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:30:05.722] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25838 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T023005Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=7578cfc576353f0df8ad38a8f3c5f9b327578cfc5be2b2638a750d76190d9d8e&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"}
[2025-12-10 10:30:05.722] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:30:05.722] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:30:05.722] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:30:05.722] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:30:05.722] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:30:05.722] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:30:06.146] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID16-tls1.2CS4.8_win8_ubuntu_openjdk_IP.1727159432.jsonl|result:{"code": 1, "total_count": 65, "alert_count": 65, 
"abnormal_count": 65, "normal_count": 0, "timestamp": 1765333805722, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50395, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8726484804235205, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50382, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9496372172915218, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50407, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9602770942633632, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50437, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9513245590457864, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50404, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9392730278789048, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50420, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.767283507967873, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50402, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9809113790871578, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50433, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9632733212855549, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50414, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.986875559465868, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50389, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8422110126785458, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50423, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7495260192540675, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50401, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6818961035202294, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50392, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997143779426744, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50410, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8967651727407784, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50429, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7907235975959688, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50394, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8796379980320526, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50428, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8647353419649066, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50379, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50418, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9646794577001432, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50409, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9495366226425673, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50432, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5755065543657735, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 50422, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9087612364284736, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50441, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9270757817813389, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50425, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9921048970580018, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50387, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.998468546369275, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50408, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8949042243688631, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50440, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.778322465747117, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50413, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.943781652889414, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50421, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.8558747707110991, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50411, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9980761146243456, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50430, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8681962551264064, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50391, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7347430159455198, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50415, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5854676561521224, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50417, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7042730175980353, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50424, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7542538691551356, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50419, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9792067607745986, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50436, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8821149566070617, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50381, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9907433883705469, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50386, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7136927693998026, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50399, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9838539204974263, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50426, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7953762196208882, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50412, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9951402887164129, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50380, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9994612239540844, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50383, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5006338457549027, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50396, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9985361249728576, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50390, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9678236427178376, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50443, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6108380006412945, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50416, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9104592092717328, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50434, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9702095796613037, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50398, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9182914273706004, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
50431, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5946302631072571, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50400, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9184907433476277, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50393, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8910501015159352, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50384, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9439779894358182, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50397, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9169093286493782, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50403, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8133093874124044, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50438, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9239789628022154, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50385, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.9992875913993934, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50388, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.841125370966926, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50406, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7568978585660701, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50427, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8457768712055491, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50405, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9681301705689233, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50439, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6039410775492351, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50435, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.873105714454628, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50442, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8752148758264221, "2_count": 65, "2_sum": 65, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:30:06.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 65|max_alert: 1000
[2025-12-10 10:30:06.146] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:30:06.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:30:06.146] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:30:08.915] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25839 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl?X-Amz-Signature=6d2b731d985ea7471b1bee25566fd1351529facbfc382454b686f287f4839715&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023008Z&X-Amz-SignedHeaders=host"}
[2025-12-10 10:30:08.915] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:30:08.915] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:30:08.915] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:30:08.915] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:30:08.915] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:30:08.915] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:30:09.338] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID41-tls1.2CS4.8_windowsserver2016_kali_jdk_IP.1727336842.jsonl|result:{"code": 1, 
"total_count": 61, "alert_count": 61, "abnormal_count": 61, "normal_count": 0, "timestamp": 1765333808915, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51144, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8098538462318634, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51140, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8382237239026186, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51173, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9552759788013808, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51194, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5213311646560579, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51185, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9022546715208096, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51166, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7512951403265733, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51145, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.8893645975551419, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51142, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.960468635468301, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51139, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9808865040596606, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51138, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9641760765735979, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51172, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8024546197843861, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51152, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7498611959234643, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51156, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.948290879509835, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51160, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9314128929048769, "2_count": 61, "2_sum": 61, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51186, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9635581642153224, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51193, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8928567300960533, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51158, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5265485383532306, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51187, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8466657695254306, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51167, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8664515938337393, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51164, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6705290598956712, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51149, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9799252394866419, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51162, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997377851932485, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 50792, "dest_port": 8000, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51179, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9412731360469947, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51181, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.702755706367141, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51183, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6861730168581167, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51141, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9512418870031208, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51143, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9557513945091047, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51175, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7270146464413063, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51177, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5354534552824174, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51170, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9110646816699018, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51184, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9195032648533846, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51189, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.958472713306597, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51188, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7568428360679378, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51147, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9809412803182338, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 
51155, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9736189018408796, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51182, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5938102148400632, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51165, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6665096753534986, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51190, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8731068262857807, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51001, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.37948917450859804, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51176, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.884340743592107, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51159, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9655502120843976, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51180, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.9023567285736286, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51153, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9745749820465286, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51157, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9445748735491024, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51148, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9203932730820096, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51169, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8934310048997103, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51174, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9446273934218422, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51192, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9438009719535747, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51161, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8366154777576364, "2_count": 61, "2_sum": 61, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51146, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9854785328257445, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51171, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9536471297601031, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51178, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9179222834689442, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51195, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6626498783770713, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51151, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7633574238858089, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51154, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9734747866495819, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51150, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8377810654749864, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51002, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.748068733977133, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51163, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8361285582496254, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51191, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.811887557182781, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51168, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9009561348555744, "2_count": 61, "2_sum": 61, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:09.338] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 61|max_alert: 1000 [2025-12-10 10:30:09.338] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:09.338] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:09.338] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:30:12.096] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25497 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=118afce1427bfab47b6febc1aebb0a99666e0d460a70b9217ca4b8dc05d3acfc&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023011Z"} [2025-12-10 10:30:12.096] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:12.096] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:12.096] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:12.096] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:12.096] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:12.097] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:12.288] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51802.1726814707.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333812097, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51802, "dest_port": 446, "y_pred": 2, "y_pred_proba_max": 0.886097405910754, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:30:12.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:30:12.288] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:12.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:12.288] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:30:15.281] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25498 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023014Z&X-Amz-Signature=2d8c13c2f03901d7adf3ff0073e46085bd77fc0b8f3262252f63fffbccb16ca3&X-Amz-Expires=604800"} [2025-12-10 10:30:15.281] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:15.281] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:15.281] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:15.281] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:15.281] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:15.282] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:15.484] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51144.1726796447.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333815282, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.126.139", "dest_ip": "192.168.126.132", "protocol": 6, "src_port": 51144, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.385851583840364, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:30:15.484] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:30:15.484] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:15.484] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:15.484] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:30:18.472] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25499 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=84068908256123e497d0811ae807bd495cbc25c2026485ec568745598adc6106&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023017Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:30:18.472] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:18.472] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:18.472] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:18.472] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:18.472] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:18.473] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:18.702] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID30-tls1.2CS4.8_ubuntu_kali_openjdk_domain.pcap.TCP_192-168-126-132_446_192-168-126-139_51262.1726800644.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765333818473, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:30:18.702] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:30:18.702] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:21.670] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25500 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=d84b82e43cff736090a25c7b4aca84303be10bfdd3bd38e0da923b92744a9cb7&X-Amz-Date=20251210T023021Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:30:21.670] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:21.670] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:21.670] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:21.670] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:21.670] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:21.671] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:21.870] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID29-tls1.2CS4.8_ubuntu_kali_jdk_IP.pcap.TCP_192-168-126-132_443_192-168-126-139_51900.1726817532.jsonl|result:{"code": 0, "total_count": 1, "alert_count": 0, "abnormal_count": 0, "normal_count": 1, "timestamp": 1765333821671, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:30:21.871] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:30:21.871] [DEBUG] 
[tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:24.866] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25840 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl?X-Amz-Date=20251210T023024Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=ddf41952439cd1fd8895620bc6bd98e6fcf7ed45938372fa8db8224121a291e0&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:30:24.866] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:24.866] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:24.867] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:24.867] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:24.867] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:24.867] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:25.209] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401942.jsonl|result:{"code": 1, "total_count": 58, "alert_count": 58, "abnormal_count": 58, "normal_count": 0, "timestamp": 1765333824867, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50562, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9312415867955829, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50599, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.671135920219859, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50566, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.751676409440836, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50611, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8217182321309826, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50602, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8964899244708837, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50591, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.981820601558229, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50598, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8596664763310572, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50557, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8929601492059437, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50564, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.979878138237713, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50612, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9405019676738905, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50615, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6732052034793512, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50582, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9383541375972156, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50604, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8017323717093463, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50584, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.791225018010114, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50588, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9157595821356634, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50600, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9651550028374658, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50605, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.96463189380175, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50590, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9682856707084341, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50581, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.932180031220131, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50556, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.9353197866531816, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50575, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7986478039406552, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50589, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7365544804053619, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50565, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9714924852648004, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50573, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8675763574077542, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50567, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9768990598133026, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50608, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9361660568638587, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50601, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9555965588491251, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50603, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7368369160319744, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50587, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5539180224437122, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50572, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.9534469582439993, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50569, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6063767129616654, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50585, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9316644775482134, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50563, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8128504163826346, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50577, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7341732195130086, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50586, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8923512085977876, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50606, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9860171670689037, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50583, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9441908151197304, "2_count": 58, "2_sum": 58, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50616, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7905870390891184, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50593, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5881729403931848, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50574, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7414796880581952, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50578, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.889845462296452, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50595, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8251096487589925, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50561, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8167839195440111, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50571, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6918064726495353, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50613, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9196045126741191, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50570, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9419346182555294, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50607, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8069653158560977, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50580, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9359445705452927, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50609, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.90740063674653, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50594, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8208361208636802, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50576, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7954543707452366, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50610, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9266223036688434, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50614, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8508948820355978, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50597, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9345971709002083, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50579, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7493241478682623, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50596, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7162124611716104, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50568, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7921739651929108, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50592, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.919938353908413, "2_count": 58, "2_sum": 58, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:25.209] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 
58|max_alert: 1000 [2025-12-10 10:30:25.209] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:25.209] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:25.209] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:30:28.065] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25841 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=9e1f5dbd56c8b24a64fda59f50466fcca819e1b68efdf32d1f13d520398793d7&X-Amz-Date=20251210T023027Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:30:28.065] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:28.065] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:28.065] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:28.065] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:28.065] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:28.065] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:28.422] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID45-tls1.2CS4.8_windowsserver2022_kali_jdk_IP.1727332428.jsonl|result:{"code": 1, "total_count": 54, "alert_count": 54, "abnormal_count": 54, "normal_count": 0, "timestamp": 1765333828065, "module": "anquanchu", "proto": "other", 
"alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51901, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7452479157167977, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51920, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8802703266762615, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51877, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8997009126260364, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51879, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6261750887607981, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51878, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8713640140429504, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51886, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.980841005367989, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51889, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8436825108778546, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51896, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9433411412845664, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51872, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9608696409674405, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51883, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7214030444811316, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51876, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7925632132063418, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51902, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7786726705117748, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51909, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.963953032825009, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51921, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7016685223157152, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 
51900, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8418888360427375, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51903, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9289580438085885, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51868, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.8033986762067085, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51892, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9279227404209224, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51912, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8534501181606403, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51917, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9318026551575844, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51871, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9478638588669831, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51874, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.8460661302868131, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51918, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9054689944592235, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51915, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8551843048958641, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51891, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8070400115957211, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51895, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8059558091693106, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51880, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.649130574904148, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51893, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9829687629138733, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51910, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8277621355950366, "2_count": 54, "2_sum": 54, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51913, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8371093589905179, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51908, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.955448540577832, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51898, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8027970627763823, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51904, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6548978381836824, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51919, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6780696022305538, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51897, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9544300975250505, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51884, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9625488403566037, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51916, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9766507503225375, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51907, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9386884144970506, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51922, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7564844781826281, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51875, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8261131792930604, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51869, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9711673404775854, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51890, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6044335869391539, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51906, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8473257553609099, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51885, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9908302382502571, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51914, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.948035168306694, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51888, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5138420994526052, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51881, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7184754516198423, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51873, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7502206533552567, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51887, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5324072086040366, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51911, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9743479216674278, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51899, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7502450849095001, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51882, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9388900985100046, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51894, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9519440853110971, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51905, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6965624929877262, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:28.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 54|max_alert: 1000 [2025-12-10 10:30:28.422] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:28.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:28.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:30:31.255] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25842 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=69444758cf2036056ad17162aef00ac9bbccdaa0364b63d50a223f37b1ddc330&X-Amz-Date=20251210T023030Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:30:31.256] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:31.256] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:31.256] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:31.256] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:31.256] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:31.256] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:31.650] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_domain.1727331505.jsonl|result:{"code": 1, "total_count": 54, "alert_count": 54, "abnormal_count": 54, "normal_count": 0, "timestamp": 1765333831256, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51568, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6562078906631288, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51564, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9433931885735131, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51586, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9728301861513698, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51595, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7418300727893348, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51592, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8659493806101668, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51597, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7631784044885759, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51590, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8527197639076306, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51598, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9570188724835563, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 51602, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.814723934958539, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51582, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7754980087465008, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51603, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9097448896182906, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51604, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.71147578927388, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51576, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9540441271191156, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51556, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.751808175597194, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51587, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7686805153793731, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51589, "dest_port": 8443, "y_pred": 1, 
"y_pred_proba_max": 0.9712372887158539, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51607, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9361360969997798, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51608, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8829688737120818, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51575, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8875063716219491, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51563, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7395770681471727, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51565, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8508124373146292, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51569, "dest_port": 8443, "y_pred": 3, "y_pred_proba_max": 0.5992511446137153, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51583, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9800693036048761, "2_count": 
54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51609, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9487952174939838, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51610, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8433999839898527, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51571, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9289093543199546, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51562, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7916109236040738, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51561, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6581309600103571, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51612, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8850007279815829, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51611, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9716723319493124, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51606, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.914609316186646, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51593, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.991389443604995, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51600, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6916152562147252, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51578, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9735920450971155, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51594, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9484617157994825, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51566, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8489216722000901, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51601, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7742112857862967, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51573, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9490978656039605, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51605, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.6437818237934595, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51574, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9814468053609373, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51567, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8822918694986474, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51599, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8126934074161527, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51577, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9361303281919923, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51591, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9248209654087644, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51588, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.885089535964391, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51581, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.944473699417598, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51596, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7261974584899389, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51557, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8824195498393378, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51584, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9559589451761814, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51579, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.8372136980371361, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51570, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9419279010568342, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51580, 
"dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9737119891865093, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51572, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.9690767746062029, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51585, "dest_port": 8443, "y_pred": 1, "y_pred_proba_max": 0.7384483236210801, "2_count": 54, "2_sum": 54, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:31.650] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 54|max_alert: 1000 [2025-12-10 10:30:31.650] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:31.650] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:31.650] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:30:34.451] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24713 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023033Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bebdf6d4d1576c9124636e26939cf208b5622cdf655147bf3105b2717fc48155"}
[2025-12-10 10:30:34.451] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:30:34.451] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:30:34.451] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:30:34.451] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:30:34.451] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:30:34.452] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:30:34.796] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID44-tls.12CS4.8_windowsserver2016_ubuntu_openjdk_domain.1727402811.jsonl|result:{"code": 1, "total_count": 53, "alert_count": 53, "abnormal_count": 53, "normal_count": 0, "timestamp": 1765333834452, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50845, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.927910009522291, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134",
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50831, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9822612157874431, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50834, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.8516737925663884, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50865, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.7670078626367843, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50849, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.499892437194262, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50876, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9663894681447874, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50877, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9327232184928673, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50880, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7923830709145896, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50881, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8741913394135943, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50833, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9422587331316291, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50859, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.967100523562462, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50874, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8470057391050821, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50842, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9617388295541971, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50868, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8964779701043224, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50869, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.951485745749508, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50873, "dest_port": 8843, "y_pred": 1, 
"y_pred_proba_max": 0.9850457432853492, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50857, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9695887280662026, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50862, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9937770057989308, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50875, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9367907509939358, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50882, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8381972479951724, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50870, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7973107636235428, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50872, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.8564530602377544, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50879, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8521082999512859, "2_count": 
53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50832, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.940221618531975, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50878, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9373424384315181, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50852, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9560668410442559, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50858, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.849978296664325, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50863, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7617313533941001, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50867, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.6067125106155578, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50835, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9128622502121867, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50830, "dest_port": 8843, "y_pred": 2, "y_pred_proba_max": 0.922442288715095, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50851, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7779135220624269, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50843, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.968022479934361, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50841, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.6884866513337922, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50837, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7903666523310198, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50839, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.9656826835861532, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50848, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.803348245572505, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50850, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7757844547228879, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50853, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9558619485451724, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50854, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9454586260599525, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50855, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7185841080012451, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50840, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.909121756354137, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50861, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.938673349556075, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50864, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.869571166400963, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50866, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.8969596285995963, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50838, "dest_port": 8843, "y_pred": 3, "y_pred_proba_max": 0.6784866089244911, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50871, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7862094902418666, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50856, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9751302757254107, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50846, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7023083356979712, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50860, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9219150133695014, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50836, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9407350249279497, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50844, 
"dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.9788235843300421, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50847, "dest_port": 8843, "y_pred": 1, "y_pred_proba_max": 0.7716188437973387, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:34.796] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 53|max_alert: 1000 [2025-12-10 10:30:34.796] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:34.796] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:34.796] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:30:37.646] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25843 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023037Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=b68e142499efac7bfe6b3ce5249f49806ae53156fe8c7c136918458af8d9d9c3"} [2025-12-10 10:30:37.646] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:37.646] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:37.646] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:37.646] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function 
load
[2025-12-10 10:30:37.646] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:30:37.647] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:30:37.971] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_IP.1727320000.jsonl|result:{"code": 1, "total_count": 53, "alert_count": 53, "abnormal_count": 53, "normal_count": 0, "timestamp": 1765333837647, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50675, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8727745307985147, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50676, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9343660634727488, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50679, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.4943940948693833, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50635, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9737688784580472, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50669, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7726250654480546, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138",
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50658, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.902918826874756, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50672, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9810688115489528, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50674, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.4902340896659531, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50659, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8229279421192818, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50634, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9869245476209628, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50639, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.917736767344109, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50644, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8283425356011436, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50645, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9342997270425343, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50651, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8095512650075916, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50656, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8589563159901207, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50642, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6103722461569957, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50661, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7447129417251058, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50652, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9602514456802667, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50668, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5134120308012482, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50633, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 
0.9079671591062715, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50636, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9995536295453813, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50638, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8977570922051934, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50655, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6689034602113877, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50670, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.937417907603327, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50660, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9445602437574558, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50640, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7671579966557779, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50677, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8674647486849115, "2_count": 53, "2_sum": 53, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50662, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5896327402145757, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50648, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5729505431979369, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50649, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5383239874292314, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50664, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6884616603203334, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50678, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9988419593111856, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50663, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7067645825096874, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50682, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8177423382700567, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50681, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7097902197024425, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50641, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8427099880918058, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50683, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5082062391829633, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50684, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.740530058154285, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50654, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8353668835102337, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50650, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.99382363353094, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50637, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6776288025186553, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50643, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7856555318291703, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50666, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997260843224112, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50680, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8802106541282002, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50671, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8702387669933649, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50685, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8287299771711815, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50646, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9641118461262765, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50647, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8781541729345593, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 
50673, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.937751153742365, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50653, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8584302255665796, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50657, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5232888456904898, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50665, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7288699595814496, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50667, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7691384538709107, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:30:37.971] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 53|max_alert: 1000
[2025-12-10 10:30:37.971] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:30:37.971] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:30:37.971] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:30:40.800] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24714 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl?X-Amz-Date=20251210T023040Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=50698389b4e552b75247ac3824bf7cf2835fdbcdaedf8838bde78b59ca29e064&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:30:40.800] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:40.800] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:40.800] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:40.800] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:40.800] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:40.800] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:41.126] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID9-tls1.2CS4.8_win8.1_kali_jdk_domain.1727074763.jsonl|result:{"code": 1, "total_count": 48, "alert_count": 48, "abnormal_count": 48, "normal_count": 0, "timestamp": 1765333840801, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50186, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9783642661335044, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 
50197, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9762108077456259, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50211, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9940386146033722, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50177, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9942163921224634, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50204, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6231819735335516, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50208, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8822700743702137, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50223, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8840343370639095, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50179, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9737269030198793, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50224, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 
0.7337563006041925, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50213, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9933342726411358, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50199, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9825499902435425, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50198, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9690248610573996, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50202, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.952419040512868, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50187, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.806158159517571, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50192, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7427955312068172, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50207, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.9686844557017092, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50182, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9774722592890711, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50214, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9555626910287899, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50215, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7246996089996638, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50216, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9651980818592956, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50221, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9642712393074234, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50193, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6790809679504902, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50200, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9934874610166191, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50194, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.7709361598277292, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50181, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9339880623291397, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50176, "dest_port": 801, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50205, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9897769522912672, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50212, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9897432271926416, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50219, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9760353145312586, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50201, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9651975229306475, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", 
"protocol": 6, "src_port": 50206, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9083240828285978, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50183, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.857979495339769, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50190, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.786565890439424, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50222, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6857809945291523, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50188, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8990992986398794, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50203, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.941406908939013, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50209, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9923758704121171, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50217, "dest_port": 4431, "y_pred": 3, 
"y_pred_proba_max": 0.9880513610161671, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50180, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6239031188053099, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50184, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.661116983350053, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50218, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.8004096890480343, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50220, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8520782484713526, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50210, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9747483680440946, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50189, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.97065562466958, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50196, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.985442170776326, "2_count": 48, "2_sum": 48, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50195, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.5249298205322234, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50185, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9961190195763644, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50191, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8037928769566836, "2_count": 48, "2_sum": 48, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:30:41.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 48|max_alert: 1000 [2025-12-10 10:30:41.126] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:41.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:41.126] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:30:43.981] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24715 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023043Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=8245d5e2d54ebcd1808693e4d9a87d50912cc94bb3e17306617f1510198248a2"} [2025-12-10 10:30:43.981] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:43.981] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:43.981] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:43.981] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:43.981] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:43.982] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:44.246] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID2-4-tls1.2CS4.8_win11_kali_openjdk_IP.1730304759.jsonl|result:{"code": 1, "total_count": 30, "alert_count": 30, "abnormal_count": 30, "normal_count": 0, "timestamp": 1765333843982, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51028, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.909715131386468, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 
51013, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8632187772619618, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51007, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8072009496464275, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51021, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9448114951710338, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51045, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9179373152081227, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51051, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8950631349423487, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51008, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8197756927678415, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51056, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8290982138824224, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51031, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 
0.9835502803818564, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51030, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8254072215629482, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51061, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9205641457381933, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51049, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9212585736117578, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51052, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8180828702811718, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51026, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9560092880642167, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51042, "dest_port": 7777, "y_pred": 3, "y_pred_proba_max": 0.48463054170760117, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51038, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9303128613521624, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51060, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9056514110802029, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51069, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.955326396937193, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51033, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8000610839703605, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51070, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9726464492584682, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51058, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9678502053188109, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51062, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8897661695608252, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51041, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6026954720387215, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51034, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9719707751780218, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51047, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9688302742131891, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51039, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.6854722523821205, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51063, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9418641735729519, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51055, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.9516714454573676, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51065, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.935310732929676, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "172.20.15.142", "dest_ip": "172.20.3.233", "protocol": 6, "src_port": 51067, "dest_port": 7777, "y_pred": 1, "y_pred_proba_max": 0.8470370218277853, "2_count": 30, "2_sum": 30, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:44.246] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 30|max_alert: 1000 [2025-12-10 10:30:44.246] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:44.246] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:44.246] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:30:47.095] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25844 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl?X-Amz-Date=20251210T023046Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=d19dd243cb977cba048382ed4fe791d9c8aea9346d563a2c43683e822523f4f7&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:30:47.095] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:47.095] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:47.095] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:47.095] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:47.095] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:47.095] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:47.298] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID57_behinderv2.0.1_aspx_winserver2012r2-https.pcap.TCP_10-0-4-15_3389_111-53-218-171_6945.1726283902.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333847096, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "10.0.4.15", "dest_ip": "111.53.218.171", "protocol": 6, "src_port": 3389, "dest_port": 6945, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:47.298] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:30:47.298] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:47.298] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:47.298] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:30:50.274] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25501 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=344f9a40ba91b2ca94291f09f520b09a68ca5122c9e49e4ca7b65f77adee54cd&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023049Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:30:50.274] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:50.274] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:50.274] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:50.275] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:50.275] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:50.275] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:50.574] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID47-tls1.2CS4.8_windowsserver2022_ubuntu_jdk_domain.1727321134.jsonl|result:{"code": 1, "total_count": 39, "alert_count": 39, "abnormal_count": 39, "normal_count": 0, "timestamp": 1765333850275, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50855, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7966402524077407, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50878, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8731125180512054, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50862, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9286163056869917, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50859, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.894803093088593, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50874, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9880361204216129, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50877, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9252905224143253, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50875, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9358468101055922, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50888, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7256314247788201, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50854, 
"dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9857363225232365, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50889, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.671387251971141, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50861, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8547055283695889, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50865, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9443660054268475, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50857, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9685162436371995, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50867, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9132920345752669, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50869, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.5339762245236795, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50872, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 
0.942413063339364, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50886, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9668897410238606, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50879, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8375426995319284, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50887, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9467921846697748, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50876, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9144480779556886, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50885, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8115223141513391, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50853, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7937381837266143, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50866, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9987079820963567, "2_count": 39, "2_sum": 39, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50863, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8180493334619071, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50860, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.858244580549359, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50868, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9990665065455986, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50871, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7527580591573758, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50880, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8254816128367551, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50858, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8276649262363052, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50882, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8932607779518871, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50856, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9669498006426231, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50873, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9090169118897937, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50883, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7328029930638451, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50870, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9086575410978172, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50852, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.9385449940053762, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50864, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8809978118007479, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50884, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8232839041969212, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50881, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.6898060834333194, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50851, "dest_port": 8989, "y_pred": 2, "y_pred_proba_max": 0.6440316826323339, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}]} [2025-12-10 10:30:50.574] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 39|max_alert: 1000 [2025-12-10 10:30:50.574] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:50.574] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:50.574] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:30:53.454] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25502 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl?X-Amz-Date=20251210T023052Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=8920ef31d6084719a96d25fa8c29b1f0b375ea66927c620bb1e58b032e7c8465"} [2025-12-10 10:30:53.454] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:53.454] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:53.454] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module 
so_code_gbm [2025-12-10 10:30:53.454] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:53.454] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:53.455] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:53.764] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_domain.1727318066.jsonl|result:{"code": 1, "total_count": 37, "alert_count": 37, "abnormal_count": 37, "normal_count": 0, "timestamp": 1765333853455, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50128, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9750176660170545, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50096, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.763965145813108, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50115, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8716565470654023, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50118, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.6992374941806302, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50100, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.718841551205348, "2_count": 37, "2_sum": 37, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50105, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7309422771877541, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50125, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9672233464087546, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50106, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7748149765103765, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50098, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.5701729000730629, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50124, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.48181535099249023, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50110, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9820896648045526, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50133, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7589125672099128, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50099, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7069786763221791, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50117, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9001571335137907, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50123, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.926987155332866, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50126, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8599087575066164, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50107, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9119420401499598, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50085, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7791330281890387, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50112, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.871951138483863, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50084, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8586693325546743, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50102, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8261123446443487, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50113, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9614773607185583, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50119, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7618168787715726, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50120, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8150620872747658, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50134, "dest_port": 8989, "y_pred": 3, "y_pred_proba_max": 0.9062006682329576, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50116, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9835429257678272, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 50108, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9850268387987403, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50129, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.971489924590687, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50132, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.898687781095084, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50114, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.8497999090339813, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50135, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7893572845930441, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50127, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9616256332792846, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50104, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.6648515753386599, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50122, "dest_port": 8989, 
"y_pred": 1, "y_pred_proba_max": 0.6108532678298093, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50131, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9834435147479796, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50121, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.9794226439786593, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50103, "dest_port": 8989, "y_pred": 1, "y_pred_proba_max": 0.7372820449317844, "2_count": 37, "2_sum": 37, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:53.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 37|max_alert: 1000 [2025-12-10 10:30:53.764] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:53.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:53.764] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:30:56.630] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25503 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023056Z&X-Amz-Signature=77bb26e717e3838a0b6b8a99a2415f38ffe54070b187e043278f7eb50f27cbbf&X-Amz-Expires=604800"} [2025-12-10 10:30:56.630] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:56.630] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:56.630] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:56.630] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:56.630] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:56.631] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:30:56.926] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID46-tls.12CS4.8_windowsserver2022_kali_openjdk_IP.1727322514.jsonl|result:{"code": 1, "total_count": 36, "alert_count": 36, "abnormal_count": 36, "normal_count": 0, "timestamp": 1765333856631, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51271, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.6116856652489504, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51295, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5215912729198179, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51301, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7410487246950258, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51277, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7948467704035493, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51294, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8322252172723574, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51282, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.816204846088684, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51300, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5166475614544926, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51274, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8701115566486514, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51287, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7358911790338485, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51290, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9706816042985499, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51299, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8033918042907015, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51280, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8923640010871082, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51288, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8145941636711616, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51279, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.697213254272969, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51275, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5730388340899024, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51297, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.9425762063272859, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51296, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9000842505438266, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51291, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9629547323162946, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51273, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5028057287952507, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51278, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9563526221548122, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51283, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8381916295656497, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51276, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6239073558624315, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51284, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5507294747419299, "2_count": 36, "2_sum": 36, "2_ratio": 
1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51305, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5607299303308504, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51293, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9202367310757953, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51304, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7866268078941436, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51298, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8160288908736042, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51289, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7353155228033567, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51302, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5093779860895955, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51272, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8040866000370863, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51281, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9584660158262098, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51286, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5388659552682039, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51285, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.69140607612642, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51303, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7604554484682853, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51306, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9501611942025454, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51292, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8048179635237208, "2_count": 36, "2_sum": 36, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:30:56.926] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 36|max_alert: 1000 [2025-12-10 10:30:56.926] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:30:56.926] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:30:56.926] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:30:59.811] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24716 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl?X-Amz-Signature=67f344683dc86fe892218d5ccf12b63327fe6f4d15e1d6d782b6585e9dd40bee&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T023059Z"} [2025-12-10 10:30:59.811] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:30:59.811] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:30:59.811] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:30:59.811] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:30:59.811] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:30:59.812] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:00.138] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_domain.1727407534.jsonl|result:{"code": 0, "total_count": 62, "alert_count": 0, "abnormal_count": 0, "normal_count": 62, "timestamp": 1765333859812, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:31:00.138] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:31:00.138] [DEBUG] 
[tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:02.979] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25845 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023102Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=b520cf446993c664122cab2b4a99b009860cc2b4935800567a139aebe0ff46b3&X-Amz-SignedHeaders=host"} [2025-12-10 10:31:02.979] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:02.979] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:02.979] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:02.979] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:02.979] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:02.979] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:03.133] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.1726646047.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333862979, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49307, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8617739498778506, "2_count": 1, 
"2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:03.133] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:31:03.133] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:03.133] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:03.133] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:06.089] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25504 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=ac945d033370ad62798e3840b3101f9ea2db7c2ef30cbed69ebe1e8a3d83aab7&X-Amz-Date=20251210T023105Z"} [2025-12-10 10:31:06.089] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:06.089] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:06.090] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:06.090] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:06.090] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:06.090] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:06.373] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain1.1727406879.jsonl|result:{"code": 1, "total_count": 109, "alert_count": 109, "abnormal_count": 109, "normal_count": 0, "timestamp": 1765333866090, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49586, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49559, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49598, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49519, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49551, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49565, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49518, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49538, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49574, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49596, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49547, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49568, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49556, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49562, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49585, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49590, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49529, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49593, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49600, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49609, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49613, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49614, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49617, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49625, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49548, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49535, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49527, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49563, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49525, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49589, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49620, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49557, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49584, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49528, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49533, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49569, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49592, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49624, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49579, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49604, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49532, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49622, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49580, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49603, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49611, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49570, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49524, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49542, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49520, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, 
"2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49573, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49594, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49552, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49537, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49583, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49543, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49601, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49605, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49521, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49517, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49561, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49558, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49553, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49608, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49597, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49610, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49616, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49526, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49566, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49530, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49572, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49591, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49606, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49536, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49564, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49546, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49607, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49534, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49582, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49618, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49545, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49549, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49554, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49555, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49576, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49599, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49540, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49602, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49615, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49567, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49571, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49623, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49575, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49523, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49577, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49612, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49587, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49578, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49550, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49595, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49619, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49581, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49588, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49621, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49541, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49539, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49531, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, 
"2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49560, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49522, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49544, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 109, "2_sum": 109, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:31:06.373] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 109|max_alert: 1000 [2025-12-10 10:31:06.373] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:06.373] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:06.373] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:31:09.231] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25846 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl?X-Amz-Date=20251210T023108Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=634c708636463b58ed443d81a037703eec1ca6b7bccf43a712d42f10d6b3cf6f&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:31:09.232] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:09.232] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:09.232] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:09.232] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:09.232] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:09.232] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:09.551] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_Domain_tls1.2.1727153252.jsonl|result:{"code": 1, "total_count": 50, "alert_count": 50, "abnormal_count": 50, "normal_count": 0, "timestamp": 1765333869232, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55762, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8060050992110214, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 55740, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9509407523399885, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55751, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9351000623192666, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55765, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8082570629330488, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55769, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6814547457880828, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55771, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6655183778486636, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55776, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.7232195385080333, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55778, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.923758062268316, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55781, "dest_port": 9443, "y_pred": 3, 
"y_pred_proba_max": 0.959363640939148, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55782, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9993492786899891, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55783, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5697049142736668, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55760, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.97975456793738, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55742, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9612191579263706, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55773, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8885705905332233, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55747, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8117216190323515, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55749, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9383670757759202, "2_count": 50, "2_sum": 50, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55750, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8727883999793692, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55754, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9585970583298099, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55763, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8547033520287153, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55755, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8824175204655595, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55761, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9753706230958025, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55734, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9978528130042571, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55777, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6380647408091236, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55733, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55741, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9033748237310683, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55780, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8676978242202457, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55745, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7952068747971088, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55772, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9055197784060736, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55739, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9997332986261173, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55738, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.81096133653845, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 55744, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9089855773967718, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55764, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9660669788621685, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55784, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9018141460896643, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55757, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9018609776120557, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55768, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9642452890491118, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55770, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7055188686634016, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55785, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8418988134805507, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55767, "dest_port": 
9443, "y_pred": 3, "y_pred_proba_max": 0.9247928845915304, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55743, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7833432637781245, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55775, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.76283701400971, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55774, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8799044260825759, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55748, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6553977800336624, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55753, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8178530026045628, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55758, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5598510653754684, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55779, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9070342448971367, "2_count": 
50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55766, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9468432560671992, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55737, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8840195900392837, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55746, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9995514046067615, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55752, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8317932220150451, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55756, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9980108617979756, "2_count": 50, "2_sum": 50, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:31:09.551] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 50|max_alert: 1000 [2025-12-10 10:31:09.551] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:09.551] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:09.551] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:31:12.426] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25505 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=0b8ed8e7caf76607994453170a3c901fec05e991eb4d6d979f2093b73df20545&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023111Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:31:12.426] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:12.426] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:12.427] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:12.427] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:12.427] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:12.427] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:12.783] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID36-tls1.2CS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406669.jsonl|result:{"code": 0, "total_count": 58, "alert_count": 0, "abnormal_count": 0, "normal_count": 58, "timestamp": 1765333872427, "module": "anquanchu", "proto": "other", "alerted": false, "details": []} [2025-12-10 10:31:12.784] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 0|max_alert: 1000 [2025-12-10 10:31:12.784] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:15.604] [DEBUG] [tid:134145839584960] 
(KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24717 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl?X-Amz-Signature=ecd40332653a4138242f45e3a8d27dad4bd91a05c8b645984f4eacc34e5f5d37&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023115Z"} [2025-12-10 10:31:15.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:15.605] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:15.605] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:15.605] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:15.605] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:15.605] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:15.759] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.1726645925.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333875605, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49306, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.4204794871996367, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:15.759] [INFO] [tid:134145839584960] 
(KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:31:15.759] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:15.759] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:15.759] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:18.779] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25847 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b1e3529328b05b7768bc5a3e25127ea4eb013be7d5789e7b483367f842dbf3e7&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023118Z"} [2025-12-10 10:31:18.779] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:18.779] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:18.779] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:18.779] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:18.779] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:18.780] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:18.984] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49306.1726645925.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333878780, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49306, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.4204794871996367, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:18.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:31:18.984] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:18.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:18.984] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:31:21.952] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25506 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl?X-Amz-Date=20251210T023121Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=660a1bfc6686f818d734e5ffa6bea529204a2d576aca9ce65726935d25d68765&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:31:21.952] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:21.952] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:21.952] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:21.952] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:21.952] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:21.953] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:22.108] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49307.1726646047.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333881953, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49307, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 
0.8617739498778506, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:22.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:31:22.108] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:22.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:22.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:25.058] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25848 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Signature=16a6680163816444f9c305ac99412dd80c76532b66e2a717a58beb91410e4a28&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023124Z"} [2025-12-10 10:31:25.058] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:25.058] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:25.058] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:25.058] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:25.058] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:25.058] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:25.329] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_http.1727056582.jsonl|result:{"code": 1, "total_count": 116, "alert_count": 116, "abnormal_count": 116, "normal_count": 0, "timestamp": 1765333885058, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57773, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57789, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57843, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57793, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57755, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57754, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57761, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57828, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57835, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57746, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57825, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57738, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57783, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 57836, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57762, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57766, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57772, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57753, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57787, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57840, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57740, "dest_port": 8888, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57747, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57816, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57811, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57750, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57838, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57820, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57812, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57784, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57842, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57851, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57832, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57815, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57818, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57760, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57765, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57819, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57847, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57781, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57804, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57799, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57776, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57795, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57737, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57839, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57749, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57786, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57813, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57814, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57751, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57752, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57748, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57806, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57743, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57853, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57763, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 57774, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57821, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57785, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57794, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57798, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57837, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57844, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57777, "dest_port": 8888, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57827, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57775, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57734, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57834, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57733, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57771, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57758, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57744, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57764, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57769, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57797, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57757, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57829, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57770, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57807, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57805, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57833, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57852, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57739, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57803, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57800, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57849, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57801, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57846, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57850, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57745, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57767, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57792, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57809, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57841, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57824, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57779, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57796, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57830, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57741, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 57845, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57768, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57742, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57756, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57791, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57778, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57790, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57759, "dest_port": 8888, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57817, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57826, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57780, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57782, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57810, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57822, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57788, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57848, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 57831, "dest_port": 8888, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 116, "2_sum": 116, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:31:25.329] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 116|max_alert: 1000 [2025-12-10 10:31:25.329] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:25.329] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:25.329] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:31:28.202] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24718 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl?X-Amz-Signature=8f361bda1a2ef3e378f49eba8d22da6dcae48e23934a420f31f0486995ac1158&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023127Z&X-Amz-Expires=604800"} [2025-12-10 10:31:28.202] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:28.202] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:28.202] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:28.202] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:28.202] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:28.203] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:28.525] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID4_CS4.8_win11_Ubuntu_openjdk_IP_tls1.2.1727149393.jsonl|result:{"code": 1, "total_count": 53, "alert_count": 53, "abnormal_count": 53, "normal_count": 0, "timestamp": 1765333888203, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55316, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9993601422373508, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 55311, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9048639331269192, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55298, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9111846607312254, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55359, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7598806437688925, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55312, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8695374059769033, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55297, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8146611049703795, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55336, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9753992331683569, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55319, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9997402028824827, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55303, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.7274823559003951, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55301, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8435108728323177, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55314, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8821411186076509, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55326, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8629755804593437, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55294, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7680481978959787, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55296, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.634707452375565, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55295, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.58448572041036, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55317, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9965954908729969, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55324, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9288239754896603, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55327, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5218291895701854, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55329, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.898154187654644, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55299, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6630038430357242, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55309, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9995285530278931, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55280, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9616723266915252, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55318, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7996175642589001, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55332, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6472111569418415, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55333, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9050873831964785, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55338, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8478838248127611, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55320, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7222691593715134, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55354, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.4887603345685281, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55307, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9699255769571519, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55315, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9974889058343238, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 
55305, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8149549171125912, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55356, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9304468765265574, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55310, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9188646387493684, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55360, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7385442222169135, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55322, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7152284451674374, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55357, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9509454514053891, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55361, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8100636450598144, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55300, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 
0.9253676240794698, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55362, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9238174769152541, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55278, "dest_port": 801, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55302, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9989212555670739, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55325, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.675353970758618, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55335, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7619847586181452, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55355, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7900698753293837, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55330, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9401059486703537, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 
1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55331, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9757889719490143, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55313, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8368993020193161, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55321, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9607788471748037, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55292, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6870128355777025, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55323, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9172168534471582, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55328, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6413131103626841, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55306, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8143541343744756, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": 
"192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55308, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6083067231669342, "2_count": 53, "2_sum": 53, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:31:28.525] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 53|max_alert: 1000 [2025-12-10 10:31:28.525] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:28.525] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:28.525] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:31.331] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25507 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023130Z&X-Amz-Signature=58274142c116ac23947f55c373182ea893526d27733e52307978b70e5b80233c&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"} [2025-12-10 10:31:31.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:31.331] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:31.332] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:31.332] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:31.332] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:31.332] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
10:31:31.552] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID11-tls1.2CS4.8_win8.1_ubuntu_jdk_domain.1727153847.jsonl|result:{"code": 1, "total_count": 34, "alert_count": 34, "abnormal_count": 34, "normal_count": 0, "timestamp": 1765333891332, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49411, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5107493027664829, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49432, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9897524532255348, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49426, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7984125433015188, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49414, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.985621236830855, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49428, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9789474563902498, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49418, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.6603091940974719, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49434, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7984059578276932, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49412, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7287212600764338, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49415, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9960597405930346, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49427, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9777739228855149, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49423, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9149301584920053, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49421, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9843258939230892, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49422, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.777313846751963, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 49413, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9899980533553896, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49416, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8977734259902608, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49403, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5873185016117867, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49405, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8850974462990425, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49420, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9904248798312952, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49406, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9650048578752779, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49417, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9793530095856338, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49410, "dest_port": 
9443, "y_pred": 3, "y_pred_proba_max": 0.8960318461895338, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49409, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6663949489576614, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49430, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9830939982448673, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49433, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9950217496004972, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49408, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9962526329265244, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49407, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9920884466485065, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49404, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.8738856328220531, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49431, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9879095090279174, 
"2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49425, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9861893046876741, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49424, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9980392432811638, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49419, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9282945322195262, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49402, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49435, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9549480056083078, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49429, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9414075686129025, "2_count": 34, "2_sum": 34, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:31.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 34|max_alert: 1000 [2025-12-10 10:31:31.552] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:31.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:31.552] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:34.493] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24719 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023133Z&X-Amz-Signature=5c836928ee52f559ce985e2e108cb4f871c4e0dff4f8449b80bf71dddc1a1efa"} [2025-12-10 10:31:34.493] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:34.493] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:34.493] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:34.493] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:34.493] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:34.493] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:34.720] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID15-tls1.2CS4.8_win8_ubuntu_jdk_domain.1727154653.jsonl|result:{"code": 1, "total_count": 39, "alert_count": 39, "abnormal_count": 39, "normal_count": 0, "timestamp": 1765333894493, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50125, 
"dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8365610239947199, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50135, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.885018937516398, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50114, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9538442524972903, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50138, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8043869189222252, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50144, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9862418834056705, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50111, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.973242883735073, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50130, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8694926787112048, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50133, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 
0.7195574535556031, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50146, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7348213289332016, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50132, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8533990439229215, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50123, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9843862542947249, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50116, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9229804239986547, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50113, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9208958486363774, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50131, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8872084155295791, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50149, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9414386296593856, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50150, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5901932017800697, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50148, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5851909677803341, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50122, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9179650129979977, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50141, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8624661631950974, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50126, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.65550115738094, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50147, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9601712092562372, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50139, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6934389090137082, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, 
{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50121, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.769716356414822, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50136, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8593241123225765, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50120, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5681234747612016, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50124, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9242587761522965, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50110, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50128, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9394904623337497, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50119, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8020318674320587, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, 
"src_port": 50118, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8564512116079878, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50142, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8851627978662158, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50140, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9585828459699253, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50143, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9748573010572472, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50145, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7669729837863496, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50137, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9623293435846844, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50115, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7354945951160314, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50127, "dest_port": 9443, "y_pred": 1, 
"y_pred_proba_max": 0.9973909769577917, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50134, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6014279665449264, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 50117, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9623146129936638, "2_count": 39, "2_sum": 39, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:34.720] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 39|max_alert: 1000 [2025-12-10 10:31:34.720] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:34.720] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:34.720] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:31:37.602] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25508 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=0aeff793d151bb5f956dc1d8090fc238e8cf9dbe431e11d66236b66d3209f0b2&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023137Z&X-Amz-Expires=604800"}
[2025-12-10 10:31:37.602] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:31:37.602] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:31:37.602] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:31:37.602] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:31:37.602] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:31:37.603] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:31:37.817] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_IP.1727401095.jsonl|result:{"code": 1, "total_count": 96, "alert_count": 96, "abnormal_count": 96, "normal_count": 0, "timestamp": 1765333897603, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50238, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50254, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50234, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50247, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50255, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50259, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50275, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50279, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50287, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50309, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50322, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50295, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50314, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50248, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50284, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50328, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50302, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50294, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50277, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50301, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50312, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50285, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50292, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50282, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50244, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50281, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50317, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50323, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50271, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50246, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50256, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50261, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50289, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50264, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50241, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50242, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50245, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50251, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50270, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50276, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50291, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50240, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50243, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50260, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50305, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50310, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50236, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50326, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50307, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50239, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50274, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50300, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50313, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50273, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50253, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50267, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50263, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50268, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50297, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50288, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50318, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50266, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50280, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50283, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50269, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50319, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50252, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50286, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50293, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50316, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50320, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50325, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50235, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50321, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50327, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50265, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50303, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50296, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50299, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50233, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50258, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50250, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50272, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50249, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50298, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50306, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50262, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50290, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50304, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50308, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50311, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50315, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50324, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50237, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50278, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50257, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 96, "2_sum": 96, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:31:37.817] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 96|max_alert: 1000 [2025-12-10 10:31:37.817] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:37.817] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:37.817] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:40.741] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25849 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023140Z&X-Amz-Signature=20109e2d15589865c5ee97624cc0e8b3616d2141372b8b5f8b3062dcc07ec651&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:31:40.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:40.741] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:40.741] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:40.741] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:40.741] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:40.742] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 
10:31:40.959] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID14-tls1.2CS4.8_win8_kali_openjdk_IP.1727156434.jsonl|result:{"code": 1, "total_count": 35, "alert_count": 35, "abnormal_count": 35, "normal_count": 0, "timestamp": 1765333900742, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50281, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8909460095816071, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50298, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9474021747800131, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50294, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9723990766268941, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50289, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.6570528504319809, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50297, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.7320739356543786, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50296, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9077050344805543, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50276, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8707429375970004, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50273, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9929237084987669, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50285, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.7376398959463499, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50269, "dest_port": 8001, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50287, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9681575201664929, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50277, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8832299079536802, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50280, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8820614619621302, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50299, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9728510000693305, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50304, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.9593849054731214, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50302, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9738030835772703, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50286, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8168968561587813, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50278, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9397747038281943, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50290, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9861391818932039, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50291, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9305046562466724, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50274, "dest_port": 
6443, "y_pred": 3, "y_pred_proba_max": 0.9640399471459202, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50284, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9834065790164822, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50275, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9614753378861609, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50282, "dest_port": 6443, "y_pred": 1, "y_pred_proba_max": 0.974310735099855, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50272, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9838488974032207, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50279, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9292933318816733, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50292, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9386592534090326, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50300, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9707611412282701, 
"2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50270, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.6010970902371278, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50301, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8930416725214173, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50303, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8983756854521493, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50288, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.952836068439696, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50295, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9621922064913903, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50271, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.8569770965099369, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.46", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50293, "dest_port": 6443, "y_pred": 3, "y_pred_proba_max": 0.9307814544235502, "2_count": 35, "2_sum": 35, "2_ratio": 1.0, "5_count": 1, "5_sum": 
1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:40.959] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 35|max_alert: 1000 [2025-12-10 10:31:40.959] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:40.959] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:40.959] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:43.879] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25850 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023143Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=3cb579ddcb6b57868ae0a821c03cf6e5d4fe737324d6fb6c58bf67c28642947e&X-Amz-SignedHeaders=host&X-Amz-Expires=604800"} [2025-12-10 10:31:43.879] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:43.879] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:43.879] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:43.879] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:43.879] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:43.879] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:44.094] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID10-tls1.2CS4.8_win8.1_kali_openjdk_domain.1727075622.jsonl|result:{"code": 1, "total_count": 31, 
"alert_count": 31, "abnormal_count": 31, "normal_count": 0, "timestamp": 1765333903879, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50324, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9712408078529797, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50347, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.5597433793220172, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50332, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.6821708268644608, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50339, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9379938882115066, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50343, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9054440897593908, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50341, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.5902493488581578, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50335, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9472690167162696, "2_count": 31, "2_sum": 
31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50344, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.950390309105381, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50342, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9769616947938528, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50338, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7391651124340441, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50330, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.560528644405597, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50336, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9734887474147849, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50329, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8641107939826398, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50325, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.9064094615639897, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50331, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.7203337938303351, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50323, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9968518882025452, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50333, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9679087347025512, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50348, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9548177269286058, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50351, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.718280210835543, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50334, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.6838444534453724, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50322, "dest_port": 801, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.42", "protocol": 6, "src_port": 50346, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.8901446468750992, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50326, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7322310277730321, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50352, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9874254190089017, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50340, "dest_port": 4431, "y_pred": 1, "y_pred_proba_max": 0.7006360426155985, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50328, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9884984979672615, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50337, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.93700408935413, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50345, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.6674409992814986, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50350, "dest_port": 4431, 
"y_pred": 3, "y_pred_proba_max": 0.9180016533632116, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50327, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.8869933406632555, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.42", "protocol": 6, "src_port": 50349, "dest_port": 4431, "y_pred": 3, "y_pred_proba_max": 0.9494387905087678, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:44.094] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 31|max_alert: 1000 [2025-12-10 10:31:44.094] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:44.094] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:44.094] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:31:47.026] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25851 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023146Z&X-Amz-Signature=9ae6fd6f8127419bac9a3d578bb8ac259e0d5399eefe1bb06ddfc40d7e95e8d4&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:31:47.026] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:47.026] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:47.026] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:47.026] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:47.026] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:47.026] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:47.277] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_domain.1727155214.jsonl|result:{"code": 1, "total_count": 32, "alert_count": 32, "abnormal_count": 32, "normal_count": 0, "timestamp": 1765333907026, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49486, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9827192990135268, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", 
"protocol": 6, "src_port": 49476, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9937258154943753, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49469, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.763841655546708, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49492, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7780430822961274, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49499, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9916241126439433, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49487, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9869312816282917, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49497, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.7916152190699269, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49473, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7655400941889741, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49478, "dest_port": 9443, "y_pred": 3, 
"y_pred_proba_max": 0.8367971063820575, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49472, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.9247291725687193, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49481, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9021868532077724, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49483, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8918792605099181, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49488, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5033989304692638, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49484, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5586635692190988, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49482, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8823982943430101, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49470, "dest_port": 9443, "y_pred": 1, "y_pred_proba_max": 0.5689264753531595, "2_count": 32, "2_sum": 32, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49498, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9324303379152458, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49490, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9897713863708071, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49485, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6438109518094741, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49495, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.5532942730910129, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49480, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6687453382096504, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49491, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6805803481585718, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49477, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.96489194713486, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49493, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.8590629490787889, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49471, "dest_port": 9443, "y_pred": 2, "y_pred_proba_max": 0.5067881381109904, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49489, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9578843636924549, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49494, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9757335423592094, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49474, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9795009241987906, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49475, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.6560431069838787, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49479, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.7061869992419909, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 49496, "dest_port": 9443, "y_pred": 3, "y_pred_proba_max": 0.9818744764605243, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49468, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 32, "2_sum": 32, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:31:47.277] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 32|max_alert: 1000 [2025-12-10 10:31:47.277] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:47.277] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:47.277] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:50.193] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24720 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023149Z&X-Amz-Signature=be21af7b9ee4d04181bb8fade2b1ea089e23b065d999d261a25e5bfc11405a79&X-Amz-SignedHeaders=host"} [2025-12-10 10:31:50.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:50.193] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:50.193] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:50.193] 
[INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:50.193] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:50.194] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:50.395] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID48-tls1.2CS4.8_windowsserver2022_ubuntu_openjdk_IP.1727315594.jsonl|result:{"code": 1, "total_count": 27, "alert_count": 27, "abnormal_count": 27, "normal_count": 0, "timestamp": 1765333910194, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49697, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8021862728062334, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49694, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9792333460775875, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49704, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7332175634242091, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49700, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5890380171341887, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49708, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9624053348835331, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49712, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5536624171743886, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49698, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6471179667415962, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49703, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7704871258264674, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49687, "dest_port": 443, "y_pred": 2, "y_pred_proba_max": 0.8463011223715704, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Behinder"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49705, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7279337551503361, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49702, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6912577432184575, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49688, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8863287961258146, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49696, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8604017898140981, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49707, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7552712894918965, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49692, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.863590216048175, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49706, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9565131116524406, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49713, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.712524047039068, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49714, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8580192844596732, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49715, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.661000868654204, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49695, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9812914665164227, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49701, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7777338644529034, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49711, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9201668754843005, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49709, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8472000570458984, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49716, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8065674765718964, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49699, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5859810836293833, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49710, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.770427916560952, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49690, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.8504247943134287, "2_count": 27, "2_sum": 27, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:31:50.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 27|max_alert: 1000 [2025-12-10 10:31:50.395] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:50.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:50.395] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:53.331] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24721 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=dd6c6ae2e2df2b77c8c4da0a24866a2be29274660fd38c30a4e2ee1f9587bc6a&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023152Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"} [2025-12-10 10:31:53.331] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:53.331] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:53.331] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:53.331] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:53.331] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:53.331] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:53.539] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID12-tls1.2CS4.8_win8.1_ubuntu_openjdk_IP.1727155060.jsonl|result:{"code": 1, "total_count": 31, "alert_count": 31, "abnormal_count": 31, "normal_count": 0, "timestamp": 1765333913332, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49463, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9876488757035718, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49437, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49441, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9672340479327698, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49448, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9921699705271048, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49438, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9438490810364881, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49442, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9639981148533279, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": 
"192.168.32.41", "protocol": 6, "src_port": 49440, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6496558237151077, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49444, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9620602895540348, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49445, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9595248096831862, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49454, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9212576579943165, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49464, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9389914042542012, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49450, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9954412186491702, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49466, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9671490983896524, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49443, "dest_port": 443, 
"y_pred": 3, "y_pred_proba_max": 0.999346293867044, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49446, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6905798428705913, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49451, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.908399226558267, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49462, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9986736503860718, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49453, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7005617694456704, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49439, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7446922374114299, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49449, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6132770873825546, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49457, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9746609856782628, "2_count": 31, "2_sum": 
31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49461, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9810655882106577, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49459, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.49856242078495383, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49447, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.732963176082023, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49467, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.968124964484979, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49455, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.987076687453493, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49460, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9695739346021492, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49458, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6033923398197748, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49452, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.42074736572541055, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49456, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9531576716305213, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.43", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 49465, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7470505384999679, "2_count": 31, "2_sum": 31, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:31:53.539] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 31|max_alert: 1000 [2025-12-10 10:31:53.539] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:53.540] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:53.540] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:31:56.438] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25852 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023155Z&X-Amz-Signature=d1f5373de02bffbc67d4e83fdeaa401b4d78eceb96a4b4f4299b0b7cab11691a&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:31:56.438] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:56.438] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:56.438] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:56.438] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:56.438] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:56.439] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:56.689] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_IP.1727338723.jsonl|result:{"code": 1, "total_count": 95, "alert_count": 95, "abnormal_count": 95, "normal_count": 0, "timestamp": 1765333916439, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53636, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 53629, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53607, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53622, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53651, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53660, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53663, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53678, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53697, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53638, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53691, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53606, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53624, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53625, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53630, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53634, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53620, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53605, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53642, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53616, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53632, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53648, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53643, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53659, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53662, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53656, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53675, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53679, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53655, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53608, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53633, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53628, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53649, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53672, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53677, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53626, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53696, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 53644, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53653, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53611, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53686, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53694, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53667, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53627, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53623, "dest_port": 80, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53640, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53681, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53683, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53610, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53647, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53637, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53684, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53680, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53682, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53646, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53619, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53609, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53618, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53604, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53641, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53671, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53652, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53665, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53631, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53676, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53669, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 53657, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53661, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53668, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53613, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53690, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53645, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53664, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53693, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53654, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53666, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53685, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53687, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53650, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53674, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53621, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53614, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53658, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53615, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53673, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53603, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53689, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53612, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53695, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53635, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53617, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53692, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53639, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53670, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 53688, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 
10:31:56.689] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 95|max_alert: 1000 [2025-12-10 10:31:56.689] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:56.689] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:56.689] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:31:59.546] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25853 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl?X-Amz-Date=20251210T023159Z&X-Amz-Expires=604800&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=b3fa8e1ec103939f6368ec60c0ecde49e60ff22f178296e6588435f6f4364423"} [2025-12-10 10:31:59.546] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:31:59.546] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:31:59.546] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:31:59.546] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:31:59.546] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:31:59.547] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:31:59.771] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain3.1727337565.jsonl|result:{"code": 1, "total_count": 90, "alert_count": 90, "abnormal_count": 90, 
"normal_count": 0, "timestamp": 1765333919547, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52081, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52082, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52085, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52090, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52098, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52109, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52023, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52074, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52056, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52039, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52048, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52024, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52057, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52087, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52104, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52041, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52030, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52022, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52027, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52047, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52084, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52092, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52029, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52062, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52069, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52102, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52043, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52077, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52089, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52105, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52097, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52044, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52103, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52038, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52108, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52063, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52072, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52093, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52045, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52086, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52028, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52068, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52059, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52033, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52075, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52051, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52078, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52049, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52054, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52099, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52032, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52061, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52067, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52083, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52073, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52076, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52021, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52025, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52046, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52065, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52050, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52094, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52064, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52100, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52101, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52060, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52034, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52020, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52096, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52042, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52055, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52106, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52035, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52037, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52036, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52058, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52053, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52066, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52040, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52088, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52080, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52091, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52095, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52107, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52026, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52079, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52052, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52070, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52071, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52031, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 90, "2_sum": 90, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:31:59.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 90|max_alert: 1000 [2025-12-10 10:31:59.771] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:31:59.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:31:59.771] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:32:02.605] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24722 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023202Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=bdae778df75abdbbd90a900a72d64da1b525484081a3045e3e5502735894c0e8&X-Amz-Expires=604800"} [2025-12-10 10:32:02.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:02.605] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:02.605] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:02.605] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:02.606] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:02.606] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:02.760] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.1726643864.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333922606, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49298, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8750513333759599, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 
10:32:02.760] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:32:02.760] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:02.760] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:02.760] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:32:05.799] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25854 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl?X-Amz-Signature=6f7c19914a640d26904a1c408b3e33d36df338c36cd050f73ebb66ac97abffc4&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023205Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:32:05.799] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:05.799] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:05.799] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:05.799] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:05.799] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:05.800] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:05.955] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49298.1726643864.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333925800, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49298, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8750513333759599, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:32:05.955] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:32:05.955] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:05.955] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:05.955] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:32:08.959] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25509 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=8cb8cdd130e2f4dbcae007a93c8fb22309c16a92b27ef96d8cae146a2bd524e3&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023208Z&X-Amz-Expires=604800"} [2025-12-10 10:32:08.960] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:08.960] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:08.960] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:08.960] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:08.960] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:08.960] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:09.119] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.1726643632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333928960, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49297, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6066608043383468, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 
10:32:09.119] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:32:09.119] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:09.119] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:09.119] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:32:12.119] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25855 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023211Z&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=fbf0ef65866b9d413eec5dfff19f204319b72b0f50fe73e2c10bd767618a802b&X-Amz-SignedHeaders=host"} [2025-12-10 10:32:12.119] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:12.119] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:12.119] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:12.119] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:12.119] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:12.120] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:12.274] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai5zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49297.1726643632.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333932120, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49297, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6066608043383468, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:32:12.274] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:32:12.274] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:12.274] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:12.274] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:32:15.229] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25856 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl?X-Amz-Date=20251210T023214Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Signature=ade0b84ef0581ab8312edb5a3303180241c5e047c5246c7f947f87d32e013d74&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:32:15.229] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:15.229] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:15.229] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:15.229] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:15.229] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:15.230] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:15.448] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain2.1727339870.jsonl|result:{"code": 1, "total_count": 95, "alert_count": 95, "abnormal_count": 95, "normal_count": 0, "timestamp": 1765333935230, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54107, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 54104, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54110, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54143, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54156, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54166, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54129, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54168, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54175, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54147, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54174, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54094, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54105, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54123, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54136, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54130, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54135, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54145, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54096, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54153, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54169, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54172, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54177, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54180, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54117, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54184, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54112, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54127, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54149, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54159, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54187, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54122, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54098, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54162, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54133, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54103, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54099, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54132, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54167, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54181, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54128, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54140, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54142, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54163, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54176, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54097, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54108, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54158, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54100, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54115, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54125, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54154, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54171, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54144, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54179, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54113, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54186, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54102, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54161, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54138, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54119, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54124, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54111, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54155, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54121, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54134, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54173, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54165, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54139, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54183, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54146, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54095, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54120, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54109, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54178, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54157, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54151, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54164, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54114, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54182, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54137, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54101, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54106, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54148, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54116, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54118, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54126, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54131, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54170, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54185, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54152, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54150, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54093, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54160, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54141, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 95, "2_sum": 95, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:32:15.448] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 95|max_alert: 1000
[2025-12-10 10:32:15.448] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:32:15.449] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:32:15.449] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:32:18.338] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25510 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=1994125adfa3c275be40b2de0940071923ec6d750b25b130fe749dc7ca9e23d1&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023217Z"}
[2025-12-10 10:32:18.338] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:32:18.338] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:32:18.338] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:32:18.338] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:32:18.338] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:32:18.339] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:32:18.615] [DEBUG] [tid:134145839584960] (AiModule.cpp:211)
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_IP.1727406093.jsonl|result:{"code": 1, "total_count": 83, "alert_count": 83, "abnormal_count": 83, "normal_count": 0, "timestamp": 1765333938339, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49246, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49304, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49258, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49273, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49262, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49271, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49253, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49305, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49228, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49294, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49254, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49255, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49226, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49267, 
"dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49244, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49272, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49303, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49241, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49239, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49289, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49266, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49287, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49291, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49298, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49243, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49301, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49286, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49280, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49261, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49288, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49279, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49237, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49257, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49248, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49263, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49306, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49281, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49233, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49260, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49292, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49240, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49308, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49256, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49285, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49282, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49300, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49268, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49229, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49251, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49278, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49236, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49302, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49276, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49284, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49297, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49247, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49295, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49250, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49277, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49307, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49264, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49234, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49238, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49242, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49274, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49275, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49283, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49293, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49299, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49232, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49235, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49265, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49290, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49259, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49270, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49252, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49231, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49269, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49245, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49249, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49227, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49296, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49230, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:32:18.615] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 83|max_alert: 1000
[2025-12-10 10:32:18.615] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:32:18.615] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:32:18.615] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:32:21.499] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25857 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023220Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=ee48433e18a9bed958aa94af9883c2eeac3141b61c16d5c0cf7b1d1087c9d4d6&X-Amz-Expires=604800"}
[2025-12-10 10:32:21.499] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:32:21.499] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:32:21.499] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:32:21.499] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:32:21.499] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:32:21.499] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:32:21.652] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.1726645691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333941499, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49304, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6123066711493411, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:32:21.652] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000
[2025-12-10 10:32:21.652] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:32:21.652] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:32:21.652] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:32:24.605] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24723 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl?X-Amz-Signature=f6a64cf785939eab5fa32938d16d160e8365063adb60f3630d9fd0c56d1a6563&X-Amz-Date=20251210T023224Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"}
[2025-12-10 10:32:24.605] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:32:24.605] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:32:24.605] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:32:24.605] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:32:24.605] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:32:24.606] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:32:24.882] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_IP.1727342458.jsonl|result:{"code": 1, "total_count": 81, "alert_count": 81, "abnormal_count": 81, "normal_count": 0, 
"timestamp": 1765333944606, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55428, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55413, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55434, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55416, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55381, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55430, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55441, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55424, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55444, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55412, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55375, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55437, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55403, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55438, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55377, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55385, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55400, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55410, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55419, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55427, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55429, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55442, 
"dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55394, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55399, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55397, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55451, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55443, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55426, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55382, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55425, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55392, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55374, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55406, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55440, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55389, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55405, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55433, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55408, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55436, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55448, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55383, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55402, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55398, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55435, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55390, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55404, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55384, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55420, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55387, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55449, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 55452, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55380, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55417, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55432, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55378, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55454, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55422, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55391, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55376, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55415, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55414, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55411, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55386, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55388, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55396, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55401, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55395, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55379, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55393, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55407, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55421, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55431, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55439, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55423, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55445, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55446, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55409, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55418, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55447, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55450, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 55453, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 81, "2_sum": 81, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:32:24.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 81|max_alert: 1000
[2025-12-10 10:32:24.882] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:32:24.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:32:24.882] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:32:27.741] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25858 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl?X-Amz-Signature=39a2edffc11b25d27a5d6cd42741cba72f7bda2d31b490f49d67faadb3935d52&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023227Z"}
[2025-12-10 10:32:27.741] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:32:27.741] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:32:27.741] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:32:27.741] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:27.741] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:27.741] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:28.066] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain1.1727399825.jsonl|result:{"code": 1, "total_count": 78, "alert_count": 78, "abnormal_count": 78, "normal_count": 0, "timestamp": 1765333947741, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49975, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49935, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49936, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49964, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49970, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49982, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 78, "2_sum": 78, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:32:28.066] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 78|max_alert: 1000 [2025-12-10 10:32:28.066] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:28.066] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:28.066] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:32:30.849] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25511 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl?X-Amz-Signature=910383e11507deead0fa3a68247eea1efa50ad924013762c51afc05ae6a33f75&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023230Z&X-Amz-SignedHeaders=host"} [2025-12-10 10:32:30.849] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:30.849] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:30.849] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:30.849] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load 
[2025-12-10 10:32:30.849] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:30.849] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:31.129] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain3.1727407340.jsonl|result:{"code": 1, "total_count": 82, "alert_count": 82, "abnormal_count": 82, "normal_count": 0, "timestamp": 1765333950849, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49702, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49722, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49774, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49709, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49772, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49751, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49723, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49705, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49749, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49752, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49763, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49700, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", 
"protocol": 6, "src_port": 49733, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49728, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49732, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49737, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49740, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49743, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49744, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49753, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49746, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49727, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49759, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49765, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49777, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49719, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49757, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49710, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49712, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49731, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49758, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49730, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49778, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49773, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49760, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49747, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49762, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49706, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49701, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 82, "2_sum": 82, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:32:31.129] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 82|max_alert: 1000 [2025-12-10 10:32:31.129] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:31.129] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:31.129] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:32:34.008] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25859 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl?X-Amz-Date=20251210T023233Z&X-Amz-Expires=604800&X-Amz-Signature=834ab6024f2379d3e8d81142ad9c3ed7e4664da4f1e274464f160524b514a9d6&X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"}
[2025-12-10 10:32:34.008] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:32:34.008] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:32:34.008] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:32:34.008] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:32:34.008] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:32:34.009] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:32:34.164] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID17-tls1.3CS4.8_win7_kali_jdk_domain_mogai6zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49304.1726645691.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333954009, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49304, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.6123066711493411, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:32:34.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000
[2025-12-10 10:32:34.164] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:32:34.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:32:34.164] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:32:37.115] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25860 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023236Z&X-Amz-Signature=1252a8d1ff739f34e8224a800289ba12c095b9ec4ebcd65f876f13a992100760&X-Amz-Expires=604800"}
[2025-12-10 10:32:37.115] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:32:37.115] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:32:37.116] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:32:37.116] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:32:37.116] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:32:37.116] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:32:37.325] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_IP.1727331897.jsonl|result:{"code": 1, "total_count": 83, "alert_count": 83, "abnormal_count": 83, "normal_count": 0, "timestamp": 1765333957116, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51661, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51628, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51680, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51627, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51667, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51698, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51634, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51642, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51640, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51625, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51662, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51686, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51687, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51672, 
"dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51694, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51688, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51685, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51663, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51660, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51693, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51684, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51689, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51665, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51703, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51650, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51674, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51648, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51659, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51657, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51701, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51641, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51632, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51691, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51656, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51704, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51633, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51636, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51651, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51630, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51699, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51644, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51690, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51649, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51653, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51671, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51705, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51675, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51683, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51635, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51637, "dest_port": 
80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51654, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51638, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51695, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51658, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51669, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51702, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51639, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51673, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51678, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51670, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51647, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51652, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51679, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51681, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51622, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51655, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51696, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51631, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51629, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51700, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51664, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51697, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51677, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51646, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51676, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51645, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51626, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51668, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, 
"src_port": 51666, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51682, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51623, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51643, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51692, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 83, "2_sum": 83, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:32:37.325] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 83|max_alert: 1000 [2025-12-10 10:32:37.325] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:37.325] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:37.325] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:32:40.303] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25861 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=2792e1fea36037cb839b3951bad0f07a6bf4ebc481a3715699b18fc3762007b6&X-Amz-Date=20251210T023239Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:32:40.303] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:40.303] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:40.303] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:40.303] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:40.303] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:40.304] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:40.784] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID37-tls1.2CS4.8_windowsserver2008R2_kali_jdk_IP.1726231580.jsonl|result:{"code": 1, "total_count": 112, "alert_count": 112, "abnormal_count": 112, "normal_count": 0, "timestamp": 1765333960304, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49762, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6136386008700495, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.38", "protocol": 6, "src_port": 49806, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5384596680520871, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49738, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.556065568176585, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49740, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9905707754518996, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49784, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5867428998501907, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49799, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6919323589928076, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49798, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5082812344830834, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49800, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.871033591839092, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 
49807, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8389106261781561, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49736, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9302597975907252, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49729, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9809403467498196, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49742, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6722895974583883, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49758, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5170339122828921, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49808, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6251034461648688, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49815, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9158015699594543, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49734, "dest_port": 443, "y_pred": 3, 
"y_pred_proba_max": 0.6210938167851258, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49730, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5159080078940774, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49782, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8697870780883761, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49783, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7181443487507455, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49785, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8136152869635334, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49796, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5044194103590364, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49777, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5468982995254779, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49832, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6286531314331995, 
"2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49812, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.706294070438774, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49835, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5153755324910493, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49797, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.52883481767944, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49828, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6922208905689694, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49749, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6008170142414708, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49735, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6044174595237511, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49829, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6696501252722467, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49771, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7764212664672496, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49761, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5797355308586791, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49780, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6390337958952678, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49778, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7691358987024841, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49726, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8796340641787784, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49737, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.843418453494677, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49773, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.582852363837905, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49760, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5764724568118251, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49766, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.658637965918502, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49781, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7180553419022515, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49731, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8069184177741681, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49768, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7923159438006254, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49793, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7448775286033605, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49803, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6133706568496836, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49814, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6370032511731919, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49791, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6397377817819792, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49816, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7886050268027243, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49753, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5251421371984287, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49795, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5959405319546456, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49817, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5837985214011719, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49741, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.500583047882938, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", 
"protocol": 6, "src_port": 49786, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7056498770769668, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49819, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7796816380895873, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49824, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5001985835511848, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49836, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7476498691631281, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49820, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7009875241471245, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49763, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7796700010033336, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49751, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5932385233858124, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49756, "dest_port": 
443, "y_pred": 1, "y_pred_proba_max": 0.9992637837832119, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49805, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9076279080411869, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49752, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9162915280527086, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49745, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6496782883967288, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49810, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5704504550212608, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49789, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6773822762075351, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49813, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8473021275821616, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49823, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 
0.6289006823963365, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49747, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5299121356980994, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49776, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7513997131291468, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49826, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6476250969150931, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49728, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.581552265100639, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49809, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6669664689250583, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49779, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5206366532258659, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49788, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6280368830830702, "2_count": 112, "2_sum": 
112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49743, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6349377840234155, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49724, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7583786231535891, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49764, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5457631195970173, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49739, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7701146257275753, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49765, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6815354861534739, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49787, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.583504759539638, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49748, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.984624479314741, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49770, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5466613106244127, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49733, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7423363665440812, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49746, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7776490640094732, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49790, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.54371796430135, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49822, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6434306036763413, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49774, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.577559415211814, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49833, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6010225292560541, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, 
{"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49767, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7687740604415702, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49769, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.682103695742048, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49802, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.500891163178614, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49792, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8325824699400155, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49827, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6137809734323465, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49772, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.5938334994630371, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49821, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7132269572254801, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": 
"192.168.163.38", "protocol": 6, "src_port": 49818, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6207400795826671, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49831, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5774538456489425, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49837, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9976796170307538, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49834, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6880216249895416, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49754, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6400899097383849, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49755, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5351759104514779, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49811, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5095207901246973, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 
49825, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8053130963076512, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49830, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6282666534121696, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49775, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6889816297826116, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49801, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.647914741453036, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49732, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9926483749592067, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49744, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9920095973296107, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49759, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6743796524080076, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49804, "dest_port": 443, "y_pred": 1, 
"y_pred_proba_max": 0.5478133832825554, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49750, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.6270718523792758, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49757, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6312508887369193, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.163.40", "dest_ip": "192.168.163.38", "protocol": 6, "src_port": 49794, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5796788669375269, "2_count": 112, "2_sum": 112, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:32:40.784] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 112|max_alert: 1000 [2025-12-10 10:32:40.784] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:40.784] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:40.784] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:32:43.412] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24724 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl?X-Amz-Expires=604800&X-Amz-Date=20251210T023242Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=571f673f1419caf54fbfd7a7fab44bbc795fcf0747e40ddb9778aa9a392b358e"}
[2025-12-10 10:32:43.412] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:32:43.412] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:32:43.412] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:32:43.412] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:32:43.412] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:32:43.413] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:32:43.626] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain1.1727332585.jsonl|result:{"code": 1, "total_count": 85, "alert_count": 85, "abnormal_count": 85, "normal_count": 0, "timestamp": 1765333963413, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51934, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51986, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51969, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51994, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51953, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51993, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51935, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52003, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52000, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51972, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51992, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51965, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51939, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51979, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51947, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51971, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51976, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52006, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51940, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51984, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52007, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51955, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51962, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51999, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52001, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51946, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51996, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51983, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51952, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51942, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51954, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51963, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51975, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51987, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51988, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51991, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52002, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51929, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51960, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51943, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51958, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51927, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51957, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51985, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51948, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51924, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51959, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51978, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51938, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51926, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51968, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51980, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51951, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51966, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51981, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51982, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51949, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51956, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51989, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51950, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51923, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51941, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51973, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51995, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51997, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52004, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51936, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51945, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51970, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51998, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51928, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51925, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51932, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51967, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51990, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51937, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51964, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51931, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51930, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51933, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51974, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51977, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51961, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52005, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51944, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 85, "2_sum": 85, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:32:43.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 85|max_alert: 1000 [2025-12-10 10:32:43.626] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:43.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:43.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:32:46.519] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25862 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023245Z&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=2ec79ded855d3d0d6c99bcda2ca5ea8c5f020a89e8d015301eeccff683775a72"} [2025-12-10 10:32:46.519] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:46.519] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:46.519] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:46.519] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:46.519] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:46.519] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:46.793] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain1.1727402108.jsonl|result:{"code": 1, "total_count": 74, "alert_count": 74, "abnormal_count": 74, "normal_count": 0, "timestamp": 1765333966519, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50622, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50634, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50683, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50641, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50655, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50663, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50680, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50632, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50638, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50675, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50649, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50628, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50664, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50682, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50661, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50637, "dest_port": 8070, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50656, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50686, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50635, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50629, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50670, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50631, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50690, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50659, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50671, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50633, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50660, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50644, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50623, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50627, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50621, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50653, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50652, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50669, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50673, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50657, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50642, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50658, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50672, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50640, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50643, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50639, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50645, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50654, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50620, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50662, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50619, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50666, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50636, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50648, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50650, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50668, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50684, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50687, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50665, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50678, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50689, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50681, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50646, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50624, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50688, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50677, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50647, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50667, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50679, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50626, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50685, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50674, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50630, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50618, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50676, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50651, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50617, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50625, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 74, "2_sum": 74, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:32:46.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 74|max_alert: 1000 [2025-12-10 10:32:46.793] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:46.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:46.793] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:32:49.626] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24725 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl?X-Amz-Date=20251210T023249Z&X-Amz-SignedHeaders=host&X-Amz-Expires=604800&X-Amz-Signature=bad66febaff1f112cf5544f118cf2758ed383a63aa82fc243f2233864a62d3b6&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:32:49.626] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:49.626] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:49.626] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:49.627] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:49.627] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:49.627] [INFO] 
[tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:49.916] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain1.1727339678.jsonl|result:{"code": 1, "total_count": 88, "alert_count": 88, "abnormal_count": 88, "normal_count": 0, "timestamp": 1765333969628, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54039, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54089, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54090, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54017, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54055, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54084, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54030, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54072, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54012, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54005, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54038, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54082, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54074, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54036, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54086, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54048, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54079, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54009, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54076, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54011, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54018, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54040, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54016, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54051, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54064, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54049, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54026, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54065, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54021, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54067, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54073, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54034, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54058, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54088, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54033, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54035, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54023, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54024, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54043, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54050, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54091, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54071, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54052, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54080, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54060, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54008, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54044, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54085, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54032, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54007, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54041, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54063, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54077, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54031, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54028, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54029, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54062, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54053, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54078, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54006, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54054, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54056, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54059, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54068, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54087, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54075, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54010, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54037, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54014, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54027, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54057, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54025, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54022, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54069, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54070, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54092, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54020, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54083, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54019, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54047, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54061, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54013, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54046, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54042, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54015, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54045, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54066, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54081, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 88, "2_sum": 88, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:32:49.916] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 88|max_alert: 1000 [2025-12-10 10:32:49.916] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:49.916] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:49.916] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:32:52.762] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24726 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl?X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023252Z&X-Amz-Signature=74112d35926de6e7e866f16cafac8bba0b9593ab44dbb8e6009f76b9cb33028c&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"}
[2025-12-10 10:32:52.762] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:32:52.762] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:32:52.762] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:32:52.762] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:32:52.762] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:32:52.762] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:32:53.031] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain3.1727400278.jsonl|result:{"code": 1, "total_count": 71, "alert_count": 71, "abnormal_count": 71, "normal_count": 0, "timestamp": 1765333972762, "module": "anquanchu", "proto": "other", "alerted": true}
[2025-12-10 10:32:53.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 71|max_alert: 1000
[2025-12-10 10:32:53.031] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:32:53.031] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:32:53.032] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:32:55.868] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25863 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=c462836250f3d5c719390b4f320999039e69dccc376b4221ef986c8d3bd23a57&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023255Z&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:32:55.868] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:55.868] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:55.868] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:55.868] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:55.868] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:55.869] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:56.130] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain2.1727402473.jsonl|result:{"code": 1, "total_count": 72, "alert_count": 72, "abnormal_count": 72, "normal_count": 0, "timestamp": 1765333975869, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50753, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50697, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50715, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50742, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50698, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50725, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50737, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50710, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50755, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50761, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50708, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50711, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50738, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50744, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50714, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50692, "dest_port": 8070, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50705, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50732, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50757, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50719, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50759, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50701, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50699, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50691, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50713, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50694, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50758, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50743, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50748, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50731, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50735, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50727, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50741, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50752, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50751, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50760, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50693, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50728, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50734, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50700, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50704, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50730, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50736, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50718, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50722, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50723, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50747, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50750, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50762, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50745, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50720, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50709, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50740, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50717, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50746, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50703, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50726, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50721, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50702, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50706, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50712, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50739, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50707, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50749, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50695, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50754, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50716, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50696, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50729, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50733, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50756, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50724, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:32:56.130] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 72|max_alert: 1000 [2025-12-10 10:32:56.130] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) 
gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:56.130] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:56.130] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:32:59.029] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25864 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl?X-Amz-Signature=0ff8c62f5826935e3885cd479ea44679f0c54b1df7673ef0ccffb1a6d04ecc61&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023258Z"} [2025-12-10 10:32:59.029] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:32:59.029] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:32:59.029] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:32:59.029] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:32:59.029] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:32:59.030] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:32:59.270] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.1726643552.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333979030, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", 
"dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49296, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9281476353222149, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:32:59.270] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:32:59.270] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:32:59.270] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:32:59.270] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:33:02.193] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25512 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl?X-Amz-SignedHeaders=host&X-Amz-Signature=31571a3856bc48ab894cc101a9ffa5e68ab8493184edc0d77dcb94b523c4669a&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20251210T023301Z"} [2025-12-10 10:33:02.193] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:02.193] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:02.193] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:02.193] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:02.193] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args 
for function load [2025-12-10 10:33:02.193] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:02.389] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID20-tls1.3CS4.8_win7_ubuntu_openjdk_IP_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-24_50050_192-168-88-30_49296.1726643552.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765333982194, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.24", "protocol": 6, "src_port": 49296, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.9281476353222149, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]} [2025-12-10 10:33:02.389] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000 [2025-12-10 10:33:02.389] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:02.389] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:02.389] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:33:05.311] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24727 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=31131b481feb07e1f6f2c612d3b8beb39e6547d787c5915a045db09a8e155ad8&X-Amz-Date=20251210T023304Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:33:05.311] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:05.311] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:05.311] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:05.311] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:05.311] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:33:05.311] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:05.558] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID44-httpCS4.8_windowsserver2016_ubuntu_openjdk_domain3.1727402643.jsonl|result:{"code": 1, "total_count": 67, "alert_count": 67, "abnormal_count": 67, "normal_count": 0, "timestamp": 1765333985311, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50780, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50803, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50811, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50787, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50827, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50766, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50826, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50790, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 50804, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50824, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50772, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50781, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50815, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50816, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50779, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50814, "dest_port": 8070, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50825, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50810, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50789, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50812, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50768, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50785, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50801, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50784, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50793, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50774, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50794, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50796, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50763, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50769, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50767, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50770, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50813, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50820, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50819, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50797, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50798, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50777, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50782, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50823, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50799, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50771, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50808, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50805, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50807, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50764, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50776, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50786, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50800, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50828, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50795, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50792, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50829, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50809, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50817, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50791, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50821, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50788, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50806, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50765, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50818, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50822, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50775, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50802, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50773, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50778, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50783, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 67, "2_sum": 67, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:33:05.558] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 67|max_alert: 1000 [2025-12-10 10:33:05.558] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:05.558] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:05.558] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:33:08.429] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24728 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl?X-Amz-Expires=604800&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host&X-Amz-Signature=060ae01089d01ab5e888e712d89656fadde914e7bd41b47cfd254f30e68a3ef3&X-Amz-Date=20251210T023307Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"} [2025-12-10 10:33:08.429] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:08.429] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:08.429] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:08.429] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:08.429] [INFO] [tid:134145839584960] (AiModule.cpp:148) 
prepare args for function load [2025-12-10 10:33:08.430] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:08.692] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID36-httpCS4.8_windowsserver2008_ubuntu_openjdk_domain2.1727407090.jsonl|result:{"code": 1, "total_count": 72, "alert_count": 72, "abnormal_count": 72, "normal_count": 0, "timestamp": 1765333988430, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49661, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49675, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49627, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49631, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49633, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49648, 
"dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49679, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49666, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49640, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49629, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49678, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49682, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49685, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49686, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49696, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49697, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49658, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49677, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49674, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49662, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49664, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49680, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49668, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49654, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49634, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49652, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49690, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49639, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49672, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49673, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49653, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49651, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49635, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49644, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49667, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49659, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49660, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49693, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49632, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49669, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49695, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49645, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.129", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49683, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 72, "2_sum": 72, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:33:08.692] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 72|max_alert: 1000 [2025-12-10 10:33:08.692] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:08.692] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:08.692] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:33:11.535] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[1] at offset 24729 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023311Z&X-Amz-Expires=604800&X-Amz-Signature=ff12a1fd4a8108b05d1c06d93613673ffc21039f44c8caaf409652f1bd1eaa09&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-SignedHeaders=host"} [2025-12-10 10:33:11.536] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:11.536] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:11.536] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:11.536] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:11.536] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:33:11.536] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:11.788] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID43-httpCS4.8_windowsserver2016_ubuntu_jdk_domain2.1727400094.jsonl|result:{"code": 1, "total_count": 73, "alert_count": 73, "abnormal_count": 73, "normal_count": 0, "timestamp": 1765333991536, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50036, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 50012, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50009, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50004, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49997, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50014, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50005, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50059, "dest_port": 8900, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 73, "2_sum": 73, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 50002, 
"y_pred_text": "AntSword"}]} [2025-12-10 10:33:11.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 73|max_alert: 1000 [2025-12-10 10:33:11.788] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:11.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:11.788] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:33:14.643] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25865 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800&X-Amz-Date=20251210T023314Z&X-Amz-SignedHeaders=host&X-Amz-Signature=826898c64d59561051b5ec91ea2edfeb94d810137977f89f1b69594a82cd70ed&X-Amz-Algorithm=AWS4-HMAC-SHA256"} [2025-12-10 10:33:14.643] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:14.643] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:14.643] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:14.643] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:14.643] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:33:14.644] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:14.918] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID41-httpCS4.8_windowsserver2016_kali_jdk_domain1.1727337172.jsonl|result:{"code": 1, "total_count": 79, 
"alert_count": 79, "abnormal_count": 79, "normal_count": 0, "timestamp": 1765333994644, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51934, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51956, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51906, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51903, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51894, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51918, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51896, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51933, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51910, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51950, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51935, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51919, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51892, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51920, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51925, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51915, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51923, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51891, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51888, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51890, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51926, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51937, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51943, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51911, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51922, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51928, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51898, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51932, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51913, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51917, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51929, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51899, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51938, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51939, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51884, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51942, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51945, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51947, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51953, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51908, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51883, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51902, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51889, "dest_port": 8070, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51912, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51948, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51954, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51955, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51880, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51927, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51936, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51909, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51900, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51905, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51882, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51931, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51944, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51941, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51951, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51907, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51916, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51946, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51885, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51952, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51904, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51921, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51914, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51940, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51897, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51886, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51879, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51893, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51930, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51878, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51895, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51949, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51881, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51924, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51901, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51887, "dest_port": 8070, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 79, "2_sum": 79, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]}
[2025-12-10 10:33:14.918] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 79|max_alert: 1000
[2025-12-10 10:33:14.918] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:33:14.918] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:33:14.918] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:33:17.779] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25866 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl?X-Amz-Date=20251210T023317Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Signature=a7ac7b16baa913a4319b3d6b6528799b5f0b4b41da1d5bc14e8dbb06c087e48b&X-Amz-Expires=604800"}
[2025-12-10 10:33:17.779] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:33:17.779] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:33:17.779] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:33:17.779] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:33:17.779] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:33:17.779] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:33:17.985] [DEBUG]
[tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID42-httpCS4.8_windowsserver2016_kali_openjdk_domain3.1727340077.jsonl|result:{"code": 1, "total_count": 75, "alert_count": 75, "abnormal_count": 75, "normal_count": 0, "timestamp": 1765333997779, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54211, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54192, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54253, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54256, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54208, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54234, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54221, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54207, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54200, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54223, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54233, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54222, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54232, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54195, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54257, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54218, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54201, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54227, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54225, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54239, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54190, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54224, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54248, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54202, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54213, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54229, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54206, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54242, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54243, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54247, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54255, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54212, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54259, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54236, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54262, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54220, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54214, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54260, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54189, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54226, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54238, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54261, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54254, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54193, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54219, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54205, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54237, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54194, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54191, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54235, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54246, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54241, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54228, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54245, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54203, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54251, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54188, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54252, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54215, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54244, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54209, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54196, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54231, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 54240, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54258, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54197, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54250, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54204, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54230, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54198, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54210, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54217, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54249, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54199, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.134", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 54216, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 75, "2_sum": 75, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:33:17.985] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 75|max_alert: 1000 [2025-12-10 10:33:17.985] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:17.985] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:17.985] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:33:20.938] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25867 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl?X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023320Z&X-Amz-Signature=602eb174b9b71e4b2bfcc74ff5f91a1d3a56e9fd464363f3372f7adbd1cf7abd&X-Amz-Algorithm=AWS4-HMAC-SHA256"}
[2025-12-10 10:33:20.938] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:33:20.938] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:33:20.938] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:33:20.938] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:33:20.938] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:33:20.939] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:33:21.098] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.1726645853.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765334000939, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49305, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8090173344462287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:33:21.098] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000
[2025-12-10 10:33:21.098] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:33:21.098] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:33:21.098] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:33:24.108] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25513 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl?X-Amz-SignedHeaders=host&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=099ab9b9868772dfa0dff71a717f4b7e4d7924a225ee6af5c553b6b3635372b7&X-Amz-Date=20251210T023323Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Expires=604800"}
[2025-12-10 10:33:24.108] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:33:24.108] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:33:24.109] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:33:24.109] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:33:24.109] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:33:24.109] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:33:24.269] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID18-tls1.3CS4.8_win7_kali_openjdk_domain_mogai4zwlkhflow1zwrkh.pcap.TCP_192-168-88-22_50050_192-168-88-30_49305.1726645853.jsonl|result:{"code": 1, "total_count": 1, "alert_count": 1, "abnormal_count": 1, "normal_count": 0, "timestamp": 1765334004109, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.88.30", "dest_ip": "192.168.88.22", "protocol": 6, "src_port": 49305, "dest_port": 50050, "y_pred": 3, "y_pred_proba_max": 0.8090173344462287, "2_count": 1, "2_sum": 1, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}]}
[2025-12-10 10:33:24.269] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 1|max_alert: 1000
[2025-12-10 10:33:24.269] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib
[2025-12-10 10:33:24.269] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka.
[2025-12-10 10:33:24.269] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.
[2025-12-10 10:33:27.216] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25868 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl?X-Amz-Date=20251210T023326Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Signature=dab2d4bb2b77835a9aed95b2034e583a2b7dadb0131c35540a95cd6c8cd1ce1a&X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request"}
[2025-12-10 10:33:27.216] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1
[2025-12-10 10:33:27.216] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib
[2025-12-10 10:33:27.216] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm
[2025-12-10 10:33:27.216] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load
[2025-12-10 10:33:27.216] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load
[2025-12-10 10:33:27.216] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0
[2025-12-10 10:33:27.422] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID46-httpCS4.8_windowsserver2022_kali_openjdk_domain2.1727322878.jsonl|result:{"code": 1, "total_count": 76, "alert_count": 76, "abnormal_count": 76, "normal_count": 0, "timestamp": 1765334007216, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51452, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 51437, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51466, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51465, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51483, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51472, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51481, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51415, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51425, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51458, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51436, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51430, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51446, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51473, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51440, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51478, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51439, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51418, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51423, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51427, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51429, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51435, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51443, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51454, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51428, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51451, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51456, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51448, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51420, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51444, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51457, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51462, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51455, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51463, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51477, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51426, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51482, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51461, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51467, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51476, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51486, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51419, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51484, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51412, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 51431, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51416, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51424, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51433, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51447, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51449, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51480, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51438, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51417, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51414, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51441, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51453, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51422, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51487, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51442, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51432, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51474, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51434, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51450, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51413, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51469, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51459, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51460, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51471, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51479, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51485, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51468, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51470, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51421, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51475, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51445, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 51464, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:33:27.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 76|max_alert: 1000 [2025-12-10 10:33:27.422] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:27.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:27.422] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:33:30.350] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[0] at offset 25869 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl?X-Amz-Signature=7a53aea4d6866b528b6b8ef65ecc36fc39225b422675a7a1a4be64b3656a989d&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023329Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800"} [2025-12-10 10:33:30.350] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:30.350] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:30.350] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:30.350] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:30.350] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:33:30.350] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:30.654] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID3_CS4.8_win11_Ubuntu_jdk_IP_tls1.2.1727153080.jsonl|result:{"code": 1, "total_count": 38, "alert_count": 38, "abnormal_count": 38, "normal_count": 0, "timestamp": 1765334010350, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55692, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9990730504881599, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55719, 
"dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.7896022920217274, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55712, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8471099601102638, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55710, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9354175145683326, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55698, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8655711790715526, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55708, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7268629780454691, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55709, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8052223147326051, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55703, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.43443764307544475, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55713, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9982322072604607, 
"2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55705, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9373204042335789, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55695, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9129807087497314, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55700, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7314742499457998, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55715, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8350117121599183, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55714, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.938727652183485, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55699, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9554137073287443, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55704, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9309465327242803, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, 
"5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55706, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9841489013912004, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55693, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8281936818521867, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55701, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.9498470602830497, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55690, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6761603717156351, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55697, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8142165268723669, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55711, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8735355670445143, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55716, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8656962618480851, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", 
"dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55702, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8265037057823466, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55717, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7529186856087583, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55720, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8814570303567651, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55721, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9381423087481368, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55707, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6533423344481836, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55723, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.8126107105818402, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55726, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.6035592187695511, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55722, "dest_port": 
443, "y_pred": 3, "y_pred_proba_max": 0.9064747546557115, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55694, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8757593163586462, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55691, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.5250009064998892, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55718, "dest_port": 443, "y_pred": 1, "y_pred_proba_max": 0.966755928267684, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55725, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.9179112567335342, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55684, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.7768616135426153, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55696, "dest_port": 443, "y_pred": 3, "y_pred_proba_max": 0.8550177058387493, "2_count": 38, "2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "Godzilla"}, {"src_ip": "192.168.32.40", "dest_ip": "192.168.32.41", "protocol": 6, "src_port": 55683, "dest_port": 80, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 38, 
"2_sum": 38, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:33:30.654] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 38|max_alert: 1000 [2025-12-10 10:33:30.654] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:30.654] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:30.654] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. [2025-12-10 10:33:33.456] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25514 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl?X-Amz-Signature=4898d473eb0b31cf894867dfa40eaaae1a9a4cd7653fdd114d47b6ce91999830&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-Date=20251210T023333Z&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host"} [2025-12-10 10:33:33.456] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:33.456] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:33.457] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:33.457] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:33.457] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:33:33.457] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:33.751] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) 
bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain2.1727332783.jsonl|result:{"code": 1, "total_count": 76, "alert_count": 76, "abnormal_count": 76, "normal_count": 0, "timestamp": 1765334013457, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52079, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52065, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52037, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52062, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52040, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52043, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52046, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52068, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52057, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52049, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52060, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52039, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52080, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52054, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52009, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52081, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52048, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52010, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52012, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52066, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52041, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52067, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52056, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52061, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52021, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52025, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52030, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52077, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52078, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52020, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52073, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52026, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52015, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52013, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52045, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52033, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52047, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52034, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52032, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52044, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52051, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52053, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, 
"y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52022, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52031, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52016, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52035, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52029, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52050, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52064, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52076, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52017, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52014, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52055, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52042, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52027, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52024, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52023, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52070, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52011, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52075, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52071, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52018, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52083, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52069, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52028, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52052, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52019, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52074, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52082, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52058, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52063, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52036, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52008, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52038, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52059, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52072, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 76, "2_sum": 76, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:33:33.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 76|max_alert: 1000 [2025-12-10 10:33:33.751] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:33.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:33.751] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:33:36.563] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25515 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl?X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=604800&X-Amz-SignedHeaders=host&X-Amz-Date=20251210T023336Z&X-Amz-Signature=e4c32829648988391bcbb737038083067e3f30ef9916c3ad672f230054352142"} [2025-12-10 10:33:36.563] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:36.563] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:36.563] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:36.563] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:36.563] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:33:36.564] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:36.819] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID48-httpCS4.8_windowsserver2022_ubuntu_openjdk_domain3.1727317421.jsonl|result:{"code": 1, "total_count": 64, "alert_count": 64, "abnormal_count": 64, "normal_count": 0, "timestamp": 1765334016564, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49884, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", 
"dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49860, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49887, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49863, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49869, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49888, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49895, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49910, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, 
"src_port": 49896, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49918, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49885, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49892, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49868, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49894, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49882, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49908, "dest_port": 8990, "y_pred": 1, 
"y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49862, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49911, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49917, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49898, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49902, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49914, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49909, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 
64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49866, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49877, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49878, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49915, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49880, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49899, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49919, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, 
"5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49913, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49873, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49920, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49876, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49901, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49874, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49921, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": 
"AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49875, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49923, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49871, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49864, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49890, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49897, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49916, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.136", "protocol": 6, "src_port": 49900, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49872, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49870, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49922, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49867, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49912, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49879, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49865, 
"dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49905, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49904, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49891, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49861, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49886, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49883, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49889, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49906, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49907, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49903, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49881, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.136", "protocol": 6, "src_port": 49893, "dest_port": 8990, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 64, "2_sum": 64, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:33:36.819] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 64|max_alert: 1000 [2025-12-10 10:33:36.819] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:36.819] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:36.819] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka. 
[2025-12-10 10:33:39.670] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:411) Message in-> topic:analyzed_queue_gbm partition:[2] at offset 25516 key: NULL payload: {"bucket":"2025-12-10","object":"10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl","url":"http://111.32.12.11:9000/2025-12-10/10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl?X-Amz-SignedHeaders=host&X-Amz-Credential=UDM59PO2GGFR6AM8LSXP%2F20251210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20251210T023339Z&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=1983f32051d39f9fe97c665e30f586688842bdb78a0c394c13d20b86be86c86a&X-Amz-Expires=604800"} [2025-12-10 10:33:39.670] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:259) process model: 1 [2025-12-10 10:33:39.670] [INFO] [tid:134145839584960] (AiModule.cpp:129) load so_code_gbm.so lib [2025-12-10 10:33:39.670] [INFO] [tid:134145839584960] (AiModule.cpp:131) load so module so_code_gbm [2025-12-10 10:33:39.670] [INFO] [tid:134145839584960] (AiModule.cpp:140) get function load [2025-12-10 10:33:39.670] [INFO] [tid:134145839584960] (AiModule.cpp:148) prepare args for function load [2025-12-10 10:33:39.671] [INFO] [tid:134145839584960] (AiModule.cpp:158) load result:0 [2025-12-10 10:33:39.925] [DEBUG] [tid:134145839584960] (AiModule.cpp:211) bucket:2025-12-10|object:10/output/gbm/replay.pcap-ID45-httpCS4.8_windowsserver2022_kali_jdk_domain3.1727332979.jsonl|result:{"code": 1, "total_count": 71, "alert_count": 71, "abnormal_count": 71, "normal_count": 0, "timestamp": 1765334019671, "module": "anquanchu", "proto": "other", "alerted": true, "details": [{"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52104, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": 
"192.168.37.132", "protocol": 6, "src_port": 52084, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52105, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52143, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52153, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52111, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52132, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52142, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52089, 
"dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52098, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52150, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52087, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52127, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52122, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52099, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52128, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 
0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52133, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52149, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52152, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52117, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52093, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52148, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52095, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, 
"2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52090, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52092, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52091, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52135, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52145, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52137, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52125, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 
1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52136, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52108, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52126, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52146, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52112, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52100, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52096, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": 
"192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52097, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52115, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52121, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52085, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52110, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52139, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52123, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", 
"protocol": 6, "src_port": 52147, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52129, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52140, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52101, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52120, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52088, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52107, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52103, "dest_port": 8090, 
"y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52113, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52118, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52124, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52144, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52106, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52094, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52109, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, 
"2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52138, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52114, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52155, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52116, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52131, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52102, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52134, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, 
"5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52154, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52141, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52151, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52130, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}, {"src_ip": "192.168.37.138", "dest_ip": "192.168.37.132", "protocol": 6, "src_port": 52119, "dest_port": 8090, "y_pred": 1, "y_pred_proba_max": 0.9987206201280128, "2_count": 71, "2_sum": 71, "2_ratio": 1.0, "5_count": 1, "5_sum": 1, "5_ratio": 1.0, "y_pred_text": "AntSword"}]} [2025-12-10 10:33:39.925] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:332) gbm alert_count: 71|max_alert: 1000 [2025-12-10 10:33:39.925] [DEBUG] [tid:134145839584960] (KafkaConsumer.cpp:333) gbm检测模型:webshell_lgbm_classifier.lgb.20250902_171938.joblib [2025-12-10 10:33:39.925] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:362) 根据预测结果alert_count 判断上报文件到kafka. [2025-12-10 10:33:39.925] [INFO] [tid:134145839584960] (KafkaConsumer.cpp:374) 上报kafka.