Пример #1
0
  @Override
  public void headAction(Node[] args, int length, RuleContext context) {

    checkArgs(length, context);
    Node n0 = getArg(0, args, context);
    Node n1 = getArg(1, args, context);
    Node n2 = getArg(2, args, context);
    logger.fine("BLACKLIST in head action " + n0 + " " + n1 + " " + n2);

    SolrDocumentList docs =
        SolrUtil.getDocsbySPO(null, IDS.hasSourceDeviceId.toString(), n2.toString(), 4, true);
    logger.fine(" docs are " + docs);
    int countIncidents = 0;
    for (int k = 0; k < docs.size(); k++) {
      SolrDocument doc = docs.get(k);
      logger.fine(" doc received is " + doc);
      String subject = (String) doc.getFieldValue("subject_t");
      SolrDocumentList docs2 = SolrUtil.getDocsbySPO(subject, "*incidentTime*", null, 1);
      logger.fine(" docs2 are " + docs2);
      Calendar timeStamp = Util.toCalendar((String) docs2.get(0).getFieldValue("object_t"));
      logger.info("TIMESTAMP: " + timeStamp.getTime());

      Calendar oldNow = Util.getNowPlus(-86400000);
      logger.fine("24 hours ago: " + Util.calendarToISO8601String(oldNow));

      if (timeStamp.compareTo(oldNow) > 0) {
        countIncidents = countIncidents + 1;
        logger.fine("CountIncidents: " + countIncidents);
      }
    }
    SolrDocumentList docs2 =
        SolrUtil.getDocsbySPO(
            null, IDS.isAttackedByID.toString(), n2.toString(), SolrUtil.MAX_DOCS, true);

    if (docs2.size() <= 0) {
      if (countIncidents == 4) {

        Node sub = NodeFactory.createURI(IDS.Attack.getURI() + UUID.randomUUID());
        Node pred1 = NodeFactory.createURI(IDS.hasStatus.getURI());
        Node obj1 = NodeFactory.createLiteral("Multiple ID Attempt Attack");
        context.add(new Triple(sub, pred1, obj1));
        logger.fine("added n-triple: " + sub + "," + pred1 + "," + obj1);

        Node pred2 = NodeFactory.createURI(IDS.isAttackedByID.getURI());
        context.add(new Triple(sub, pred2, n2));
        logger.fine("added n-triple: " + sub + "," + pred2 + "," + n2);

        SolrDocument doc = docs.get(0);
        Date timeStamp = (Date) doc.getFieldValue("timestamp");
        Calendar cal = Calendar.getInstance();
        cal.setTime(timeStamp);
        String aTimeStart = Util.calendarToISO8601String(cal);
        Node obj2 = NodeFactory.createLiteral(aTimeStart);

        Node pred3 = NodeFactory.createURI(IDS.attackStartTime.getURI());
        context.add(new Triple(sub, pred3, obj2));
        logger.fine("added n-triple: " + sub + "," + pred3 + "," + obj2);

        SolrDocument doc2 = docs.get(docs.size() - 1);
        Date timeStamp2 = (Date) doc.getFieldValue("timestamp");
        Calendar cal2 = Calendar.getInstance();
        cal2.setTime(timeStamp2);
        String aTimeStart2 = Util.calendarToISO8601String(cal2);
        Node obj3 = NodeFactory.createLiteral(aTimeStart2);

        Node pred4 = NodeFactory.createURI(IDS.attackEndTime.getURI());
        context.add(new Triple(sub, pred4, obj3));
        logger.fine("added n-triple: " + sub + "," + pred4 + "," + obj3);
      }
    }
  }
Пример #2
0
  /**
   * This method is invoked when the builtin is called in a rule body.
   *
   * @param args the array of argument values for the builtin, this is an array of Nodes, some of
   *     which may be Node_RuleVariables.
   * @param length the length of the argument list, may be less than the length of the args array
   *     for some rule engines
   * @param context an execution context giving access to other relevant data
   * @return return true if the buildin predicate is deemed to have succeeded in the current
   *     environment
   */
  @Override
  public boolean bodyCall(Node[] args, int length, RuleContext context) {
    if (length != 3) {
      throw new BuiltinException(
          this, context, "builtin " + getName() + " requires 3 arguments but saw " + length);
    }

    BindingEnvironment env = context.getEnv();

    Node subj = getArg(0, args, context);
    Node pred = getArg(1, args, context);
    Node obj = getArg(2, args, context);

    logger.fine("BLACKLIST Body Call subject is " + subj + " pred is " + pred + " obj is " + obj);
    checkArgs(length, context);
    Node n0 = getArg(0, args, context);
    Node n1 = getArg(1, args, context);
    Node n2 = getArg(2, args, context);
    logger.fine(
        "BLACKLIST in Body Call " + n0 + " " + n1.getLiteralValue() + " " + n2.getLiteralValue());

    int numberToGet = (Integer) n1.getLiteralValue();
    int hoursSince = (Integer) n2.getLiteralValue();

    logger.fine(" BLACKLIST numberToGet = " + numberToGet + " hours since = " + hoursSince);

    // String deviceId = (String) n0.getLiteralValue();
    String SourceIP = (String) n0.getLiteralValue();

    // logger.fine(" deviceId = " + deviceId);
    logger.fine(" SourceIP = " + SourceIP);

    SolrDocumentList docs =
        SolrUtil.getDocsbySPO(null, IDS.hasSourceIP.toString(), SourceIP, numberToGet, true);
    logger.fine(" docs are " + docs);
    if (docs.size() >= numberToGet) {
      int countIncidents = 0;
      Calendar oldNow = Util.getNowPlus(-1 * ((hoursSince * 60) * 60 * 1000));
      logger.fine("24 hours ago: " + Util.calendarToISO8601String(oldNow));

      for (int k = 0; k < docs.size(); k++) {
        SolrDocument doc = docs.get(k);
        logger.fine(" doc received is " + doc);
        String subject = (String) doc.getFieldValue("subject_t");
        SolrDocumentList docs2 = SolrUtil.getDocsbySPO(subject, "*incidentTime*", null, 1);
        logger.fine(" docs2 are " + docs2);
        Calendar timeStamp = Util.toCalendar((String) docs2.get(0).getFieldValue("object_t"));
        logger.info("TIMESTAMP: " + timeStamp.getTime());

        if (timeStamp.compareTo(oldNow) > 0) {
          countIncidents = countIncidents + 1;
          logger.fine("CountIncidents: " + countIncidents);
        }
      }
      logger.fine(" countIncidents = " + countIncidents + " number to get = " + numberToGet);
      if (countIncidents >= numberToGet) {
        logger.fine(" returning TRUE");
        return true;
      }
    } else {

      return false;
    }
    return false;
  }