This project detects IP addresses that a botnet uses to periodically attack websites and cause a Distributed Denial of Service (DDoS).
It analyses a log file in Apache Log File Format.
Please find the sample log file for analysis here
- Setup Java
- Setup Maven
- Setup Kafka
- Setup Zookeeper
- Create kafka topic
- log_file_path : this attribute takes the absolute path of the log file
- kafka_brokers : this attribute takes the Kafka broker URL, example: localhost:9092
- topic_name : this attribute takes the Kafka topic name as input, example: website_logs
- stream_batch_size : this attribute sets the number of lines to publish in a single Kafka message
- process_secs : this attribute sets the time in seconds over which DDOS hits are counted
- ddos_detection_hits : this attribute sets the number of hits to be considered a possible DDOS
- output_file_path : this attribute sets the output file path to which the detected DDOS IPs are written
{
"log_file_path": "./apache-access-log.txt",
"kafka_brokers": "localhost:9092",
"topic_name": "website_logs",
"stream_batch_size": "10000",
"process_secs": "1",
"ddos_detection_hits": "5",
"output_file_path": "./results/ddos_detected_ips.txt"
}
- Clone this project to your machine
- Run the command below in the project root directory
- mvn package
- To read and produce log messages, use the command below
- java -jar target/DDOSDetector-v-0.1.jar stream
- To consume messages and detect IPs, use the command below
- java -jar target/DDOSDetector-v-0.1.jar process