def fetch_domains():
    """
    To fetch urls from the database, and return urls
    """
    db = MySQL()
    sql = 'SELECT domain FROM domain_white_list'
    db.query(sql)
    urls = db.fetch_all_rows()
    return tuple_to_list(urls)
def get_resource_data(tb_name):
    """
    获得基础数据
    :param tb_name:string 表名
    :return: 返回基础数据
    """
    db = MySQL(DESTINATION_CONFIG)
    db.query('SELECT tld, SUM(whois_sum) AS count FROM domain_whois_%s WHERE flag <> "-6" GROUP BY tld' % tb_name)
    results = db.fetch_all_rows()
    return results
def update_day():
    """更新表whois_sum_by_day,即统计数据库中最新的域名whois总量
    """

    print str(datetime.now()), '开始更新当天数据库中最新的WHOIS总量(whois_sum_by_day)'
    db = MySQL(DESTINATION_CONFIG)
    sql = 'INSERT INTO whois_sum_by_day(sum) SELECT MAX(tld_sum) FROM whois_sum \
            WHERE to_days(insert_time) = to_days(now())'
    db.insert(sql)
    db.close()
    print str(datetime.now()), '结束更新当天数据库中最新的WHOIS总量(whois_sum_by_day)'
def update_table(tb_name):
    """
    更新表
    :param tb_name:
    :return:
    """
    sql = 'SELECT flag,sum(whois_sum) FROM domain_whois_%s GROUP BY flag' % tb_name.lower()
    flag_undetected = flag_no_svr = flag_no_connect = 0
    flag_reg_info = flag_reg_date = flag_part_info = 0
    db = MySQL(DESTINATION_CONFIG)
    db.query(sql)
    results = db.fetch_all_rows()

    for item in results:
        flag = item[0]
        whois_sum = item[1]
        if flag == '-6':
            flag_undetected += whois_sum
        if flag == '-5':
            flag_no_svr += whois_sum
        elif flag == '-1' or flag == '-2' or flag == '-3' or flag == '-4':
            flag_no_connect += whois_sum
        elif flag == '120' or flag == '121' or flag == '122':
            flag_reg_info += whois_sum
        elif flag == '110' or flag == '102' or flag == '112':
            flag_reg_date += whois_sum
        elif flag == '100' or flag == '101' or flag == '111':
            flag_part_info += whois_sum

    sql = 'INSERT INTO table_overall_history (table_name,flag_undetected,\
          flag_no_svr,flag_no_connect,flag_reg_info,flag_reg_date,flag_part_info) \
          VALUES ("%s","%s","%s","%s","%s","%s","%s")' % ('domain_whois_'+tb_name,flag_undetected,flag_no_svr,flag_no_connect,flag_reg_info,flag_reg_date,flag_part_info)
    db.insert(sql)
    db.close()
def update_db():
    """
    更新数据库
    """
    svr_num = sum_all_list()
    db = MySQL(DESTINATION_CONFIG)
    db.truncate('TRUNCATE TABLE top_sec_svr')
    sql = 'INSERT INTO top_sec_svr(top_svr, sec_svr, whois_sum) VALUES("%s", "%s", "%s")'
    for top,sec,num in svr_num:
        db.insert_no_commit(sql % (top,sec,num))
    db.commit()
    db.close()
def update_destination(tb_name, results):
    """
    更新数据库
    :param results:
    :return:
    """
    destination_db = MySQL(DESTINATION_CONFIG)
    destination_db.truncate('TRUNCATE TABLE domain_whois_%s' % tb_name)
    for item in results:
        destination_db.insert_no_commit('INSERT INTO domain_whois_%s (tld,flag,whois_sum) VALUES ("%s","%s","%s")' % (
            tb_name, item[0], item[1], item[2]))
    destination_db.commit()
    destination_db.close()
def update_db():
    """更新数据库"""
    tld_whois = sum_all_whois()
    total = 0
    db = MySQL(DESTINATION_CONFIG)
    sql = 'INSERT INTO tld_whois_sum_history(tld,whois_sum) VALUES("%s", "%s")' # 插入数据
    for tld,whois in tld_whois:
        db.insert_no_commit(sql % (tld,whois))
        total += whois
    db.commit()
    sql = 'INSERT INTO whois_sum(tld_sum) VALUES("%s")'
    db.insert(sql % total)
    db.close()
def insert_db():

    file_name = open('small_benign.txt')
    urls = file_name.readlines()
    db = MySQL()
    count = 0
    for url in urls:
        sql = 'Insert into url_features(url,malicious)VALUES ("%s","0")'%(url.strip())
        db.insert_no_commit(sql)
        count += 1
    db.commit()
    db.close()
    print count
def update_top_sec_num():
    """
    更新表msvr_ssvr,统计顶级服务器和二级服务器数量
    """
    
    print str(datetime.now()), '开始更新数据库中顶级和二级服务器数量(msvr_ssvr)'
    db = MySQL(DESTINATION_CONFIG)
    sql = 'UPDATE msvr_ssvr SET msvr_ssvr.ssvr=(SELECT COUNT(DISTINCT sec_svr) FROM top_sec_svr)'
    db.update(sql)
    sql = 'UPDATE msvr_ssvr SET msvr=(SELECT COUNT(DISTINCT addr) FROM whois_addr)'
    db.update(sql)
    db.close()
    print str(datetime.now()), '结束更新数据库中顶级和二级服务器数量(msvr_ssvr)'
Exemple #10
0
def fetch_source_data(tb_name):
    """获取源数据
    :param tb_name: string 表名
    :return: results 数据
    """
    db = MySQL(DESTINATION_CONFIG)
    db.query('SELECT tld,flag,whois_sum FROM domain_whois_%s WHERE flag <> "-6" GROUP BY tld,flag' % tb_name)
    results = db.fetch_all_rows()
    db.close()
    return results
Exemple #11
0
def fetch_resource_data(tb_name):
    """获得源数据
    :param tb_name: string 表名
    :return: results: 查询结果
    """
    db = MySQL(DESTINATION_CONFIG)
    db.query('SELECT tld, SUM(whois_sum) FROM domain_whois_%s  GROUP BY tld' % tb_name)
    results = db.fetch_all_rows()
    db.close()
    return results
def get_data_from_source(tb_name):
    """
    :param name:string 数据库名称
    :return: results 数据库whois数量分布
    """
    source_db = MySQL(SOURCE_CONFIG)
    source_db.query('select tld,flag,count(*) as whois_sum from domain_whois_%s group by tld,flag' % (tb_name))
    results = source_db.fetch_all_rows()
    source_db.close()
    return results
def process_id_to_user(process_id):
    """通过process_id获取用户的邮箱地址和主机地址"""
    sql = "SELECT email,host_ip,pid,code_route,process_name,warning_times FROM `process_info`,user_account,host_info WHERE process_id = '%s' AND user_account.user_id = process_info.user_id AND host_info.host_id = process_info.host_id"
    db = MySQL(SOURCE_CONFIG)
    db.query(sql % process_id)
    email_host = db.fetch_all_rows()
    email = email_host[0][0]
    host = base64.decodestring(email_host[0][1])
    pid = email_host[0][2]
    code_route = email_host[0][3]
    process_name = email_host[0][4]
    warning_times = email_host[0][5]
    db.close()
    return email, host,pid,code_route,process_name,warning_times
Exemple #14
0
def insert_domains(domain_set):
    """
    更新数据库中词汇特征
    :param url_feature:
    :return:
    """
    db = MySQL()
    for domain in domain_set:
        sql = 'Insert into domain_features(domain,tld,tld_token_count,domain_length,domain_characters,domain_digit)VALUES ("%s","%s","%s","%s","%s","%s")' \
              %(domain['domain'],domain['tld'],domain['tld_token_count'],domain['domain_length'],domain['character'],domain['digit'])

        db.insert_no_commit(sql)
    db.commit()
    db.close()
def fetch_data():
    """
    从数据库中获取域名(domain)基础数据
    :return: 返回基础数据
    """
    db = MySQL()
    sql = 'SELECT domain FROM domain_features'
    db.query(sql)
    domains = db.fetch_all_rows()
    db.close()
    return domains
def fetch_data():
    """
    从数据库中获取域名长度(domain_length)基础数据
    :return: 返回基础数据
    """
    db = MySQL()
    sql = 'SELECT domain_characters FROM domain_features'
    db.query(sql)
    tlds = db.fetch_all_rows()
    db.close()
    return tlds
def fetch_data():
    """
    从数据库中获取数据基础数据
    :return: 返回基础数据
    """
    db = MySQL()
    sql = 'SELECT url_length,path_tokens,path_brand,domain_tokens,malicious,domain_characters,path_characters FROM url_features_copy_copy'
    db.query(sql)
    urls = db.fetch_all_rows()
    db.close()
    return urls
def fetch_data():
    """
    从数据库中获取域名长度(domain_length)基础数据
    :return: 返回基础数据
    """
    db = MySQL()
    sql = 'SELECT tld FROM domain_features WHERE tld_token_count = "2"'
    db.query(sql)
    tlds = db.fetch_all_rows()
    db.close()
    return tlds
Exemple #19
0
def update_db():
    """更新数据库"""
    db = MySQL(DESTINATION_CONFIG)
    truncate_sql = 'TRUNCATE TABLE tld_whois_flag'
    db.truncate(truncate_sql)
    sql = 'INSERT INTO tld_whois_flag(tld, flag,flag_detail, whois_sum) VALUES("%s", "%s", "%s", "%s")'
    tld_flag_num = sum_all_flags()
    for tld, flag_detail, num in tld_flag_num:
        try:
            if int(flag_detail) < 0:
                flag = '0'
            elif int(flag_detail) >= 120:
                flag = '1'
            elif flag_detail == '102' or flag_detail == '110' or flag_detail == '112':
                flag = '2'
            else:
                flag = '3'
            db.insert_no_commit(sql % (tld,flag,flag_detail,num))
        except:
            continue
    db.commit()
    db.close()
def fetch_data():
    """
    从数据库中获取域名长度(domain_length)基础数据
    :return: 返回基础数据
    """
    db = MySQL()
    sql = 'SELECT tld FROM domain_features'
    sql = 'SELECT SUBSTRING_INDEX(tld,".",-1) as a FROM domain_features'
    db.query(sql)
    domains_length = db.fetch_all_rows()
    db.close()
    return domains_length
def update_day():
    """更新表whois_sum_by_day,即统计数据库中最新的域名whois总量
    """

    print str(datetime.now()), '开始更新当天数据库中最新的WHOIS总量(whois_sum_by_day)'
    db = MySQL(DESTINATION_CONFIG)
    sql = 'INSERT INTO whois_sum_by_day(sum) SELECT MAX(tld_sum) FROM whois_sum \
            WHERE to_days(insert_time) = to_days(now())'

    db.insert(sql)
    db.close()
    print str(datetime.now()), '结束更新当天数据库中最新的WHOIS总量(whois_sum_by_day)'
def update_table(tb_name):
    """
    更新表
    :param tb_name:
    :return:
    """
    sql = 'SELECT flag,sum(whois_sum) FROM domain_whois_%s GROUP BY flag' % tb_name.lower(
    )
    flag_undetected = flag_no_svr = flag_no_connect = 0
    flag_reg_info = flag_reg_date = flag_part_info = 0
    db = MySQL(DESTINATION_CONFIG)
    db.query(sql)
    results = db.fetch_all_rows()

    for item in results:
        flag = item[0]
        whois_sum = item[1]
        if flag == '-6':
            flag_undetected += whois_sum
        if flag == '-5':
            flag_no_svr += whois_sum
        elif flag == '-1' or flag == '-2' or flag == '-3' or flag == '-4':
            flag_no_connect += whois_sum
        elif flag == '120' or flag == '121' or flag == '122':
            flag_reg_info += whois_sum
        elif flag == '110' or flag == '102' or flag == '112':
            flag_reg_date += whois_sum
        elif flag == '100' or flag == '101' or flag == '111':
            flag_part_info += whois_sum

    sql = 'INSERT INTO table_overall_history (table_name,flag_undetected,\
          flag_no_svr,flag_no_connect,flag_reg_info,flag_reg_date,flag_part_info) \
          VALUES ("%s","%s","%s","%s","%s","%s","%s")' % (
        'domain_whois_' + tb_name, flag_undetected, flag_no_svr,
        flag_no_connect, flag_reg_info, flag_reg_date, flag_part_info)
    db.insert(sql)
    db.close()
Exemple #23
0
def update_url_features(url_feature):
    """
    更新数据库中词汇特征
    :param url_feature:
    :return:
    """
    db = MySQL()
    sql = 'UPDATE url_features SET url_length = "%s", domain="%s",domain_tokens="%s",domain_characters="%s",path="%s", ' \
          'path_tokens="%s",path_characters="%s",path_brand="%s" WHERE url="%s"' % \
          (url_feature[1],url_feature[2],url_feature[3],url_feature[4],url_feature[5],url_feature[6],
           url_feature[7],url_feature[8],url_feature[0])
    db.update(sql)
    db.close()
def get_source_data(tb_name):
    """
    得到基础数据
    :param tb_name:string 表名
    :return:
    """
    db = MySQL(SOURCE_CONFIG)
    sql = 'SELECT top_whois_server as top_svr, sec_whois_server AS sec_svr, count(*) \
               FROM domain_whois_%s WHERE sec_whois_server <> "" GROUP BY top_svr, sec_svr' % tb_name

    db.query(sql)
    results = db.fetch_all_rows()
    db.close()
    return results
def insert_host_error(error,process_ids):
    """更新主机错误"""
    db = MySQL(SOURCE_CONFIG)
    error_info = '主机异常:'+ str(error)
    status = '异常'
    sql = 'insert into process_status (process_id,cpu,mem,vsz,rss,status,error_info,log_size) values("%s","%s","%s","%s","%s","%s","%s","%s")'
    for _,process_id,_,_ in process_ids:
        db.insert(sql % (process_id, 0, 0, 0, 0, status, error_info,'-3'))   # -3表示日志的主机错误
        email, host, pid, code_route, code_name,warning_times = process_id_to_user(process_id)
        if warning_times > 0:
            content = (pid, host, status, error_info, code_route, code_name)
            if send_process_exception([email], content):
                print "邮件预警成功:" + email
                reduce_warning_times(process_id)
            else:
                print "邮件预警失败:" + email
    db.close()
Exemple #26
0
def fetch_domains():
    """
    To fetch urls from the database, and return urls
    """
    db1 = MySQL1()
    sql = 'SELECT url FROM benign_urls'
    db1.query(sql)
    urls1 = db1.fetch_all_rows()
    db2 = MySQL()
    sql = 'SELECT domain FROM domain_white_list'
    db2.query(sql)
    urls2 = db2.fetch_all_rows()
    db1.close()
    db2.close()

    urls1 = tuple_to_list(urls1)
    urls2 = tuple_to_list(urls2)
    urls = urls1 + urls2
    print len(urls)
    urls = list(set(urls))
    print len(urls)
    return urls
Exemple #27
0
def fetch_domains():
    """
    To fetch urls from the database, and return urls
    """
    db1 = MySQL1()
    sql = 'SELECT url FROM benign_urls'
    db1.query(sql)
    urls1 = db1.fetch_all_rows()
    db2 = MySQL()
    sql = 'SELECT domain FROM domain_white_list'
    db2.query(sql)
    urls2 = db2.fetch_all_rows()
    db1.close()
    db2.close()

    urls1 = tuple_to_list(urls1)
    urls2 = tuple_to_list(urls2)
    urls = urls1+urls2
    print len(urls)
    urls = list(set(urls))
    print len(urls)
    return urls
# print b.mean()
#
# mal_x = np.arange(len(mal_y))
# beg_x = np.arange(len(beg_y))
# fig = plt.figure()
# fig.add_subplot(121)
# plt.plot(beg_x,beg_y)
# plt.xlabel(u'网址个数')
# plt.ylabel(u"域名长度")
# fig.add_subplot(122)
# plt.plot(mal_x,mal_y,color='r')
# plt.xlabel(u'网址个数')
# plt.ylabel(u"域名长度")
# plt.show()

db = MySQL()
mal_sql = 'select domain_tokens,domain_characters from url_features WHERE malicious="1"'
db.query(mal_sql)
mal = db.fetch_all_rows()
mal_y = []
for j, i in mal:
    # print j,i
    mal_y.append(int(list(eval(i))[1] * list(eval(j))[1] / 100.0))

beg_sql = 'select domain_tokens,domain_characters from url_features WHERE malicious="0"'
db.query(beg_sql)
beg = db.fetch_all_rows()
beg_y = []
for j, i in beg:
    beg_y.append(int(list(eval(i))[1] * list(eval(j))[1] / 100.0))
Exemple #29
0
def fetch_domains():
    """
    To fetch urls from the database, and return urls
    """
    tld = {}
    db1 = MySQL(DBCONFIG1)
    db2 = MySQL(DBCONFIG2)
    sql = 'SELECT SUBSTRING_INDEX(tld,".",-1) as a,count(*) FROM domain_features GROUP BY a'
    db1.query(sql)
    tld_count = db1.fetch_all_rows()
    for i in tld_count:
        print i
        if len(i[0]) == 0:
            continue
        sql = 'SELECT type FROM tld_details WHERE tld="%s"' % ('.' + i[0])
        db2.query(sql)
        urls2 = db2.fetch_all_rows()
        try:
            if urls2[0][0] in tld.keys():
                tld[urls2[0][0]] += i[1]
            else:
                tld[urls2[0][0]] = i[1]
        except:
            continue
    print tld
    db1.close()
    db2.close()
Exemple #30
0
分析whois的ip地址的分布
"""

from data_base import MySQL
import numpy as np

DBCONFIG = {
    'host': '172.26.253.3',
    'port': 3306,
    'user': '******',
    'passwd': 'platform',
    'db': 'DomainWhois',
    'charset': 'utf8'
}

db = MySQL(DBCONFIG)

sql = 'select port_available from svr_ip WHERE  level="2"'

db.query(sql)

test = db.fetch_all_rows()

result = []

for i in test:

    result.append(len(i[0]))

# print result
def reduce_warning_times(process_id):
    db = MySQL(SOURCE_CONFIG)

    sql = 'update process_info set warning_times = warning_times -1 where process_id = "%s"' % process_id
    db.update(sql)
    db.close()
Exemple #32
0
def update_db():
    """更新数据库"""
    tld_num = sum_all_domains()
    db = MySQL(DESTINATION_CONFIG)
    db.truncate('TRUNCATE TABLE domain_summary')
    update_sql = 'INSERT INTO domain_update(tld_name, domain_num) VALUES("%s", "%s")'
    summary_sql = 'INSERT INTO domain_summary(tld_name, domain_num) VALUES("%s", "%s")'
    for tld,num in tld_num:
        db.insert_no_commit(update_sql % (tld,num))
        db.insert_no_commit(summary_sql % (tld,num))
    db.commit()
    db.close()
Exemple #33
0
def fetch_domains():
    """
    To fetch urls from the database, and return urls
    """
    tld ={}
    db1 = MySQL(DBCONFIG1)
    db2 = MySQL(DBCONFIG2)
    sql = 'SELECT SUBSTRING_INDEX(tld,".",-1) as a,count(*) FROM domain_features GROUP BY a'
    db1.query(sql)
    tld_count = db1.fetch_all_rows()
    for i in tld_count:
        print i
        if len(i[0])==0:
            continue
        sql = 'SELECT type FROM tld_details WHERE tld="%s"' % ('.'+i[0])
        db2.query(sql)
        urls2 = db2.fetch_all_rows()
        try:
            if urls2[0][0] in tld.keys():
                tld[urls2[0][0]] += i[1]
            else:
                tld[urls2[0][0]] = i[1]
        except:
            continue
    print tld
    db1.close()
    db2.close()
# mal_x = np.arange(len(mal_y))
# beg_x = np.arange(len(beg_y))
# fig = plt.figure()
# fig.add_subplot(121)
# plt.plot(beg_x,beg_y)
# plt.xlabel(u'网址个数')
# plt.ylabel(u"域名长度")
# fig.add_subplot(122)
# plt.plot(mal_x,mal_y,color='r')
# plt.xlabel(u'网址个数')
# plt.ylabel(u"域名长度")
# plt.show()



db = MySQL()
mal_sql = 'select domain_tokens,domain_characters from url_features WHERE malicious="1"'
db.query(mal_sql)
mal = db.fetch_all_rows()
mal_y = []
for j,i in mal:
    # print j,i
    mal_y.append(int(list(eval(i))[1]*list(eval(j))[1]/100.0))

beg_sql = 'select domain_tokens,domain_characters from url_features WHERE malicious="0"'
db.query(beg_sql)
beg = db.fetch_all_rows()
beg_y = []
for j,i in beg:
    beg_y.append(int(list(eval(i))[1]*list(eval(j))[1]/100.0))
"""


from data_base import MySQL
import numpy as np

DBCONFIG = {'host':'172.26.253.3',
                'port': 3306,
                'user':'******',
                'passwd':'platform',
                'db':'DomainWhois',
                'charset':'utf8'}



db = MySQL(DBCONFIG)


sql = 'select port_available from svr_ip WHERE  level="2"'

db.query(sql)

test = db.fetch_all_rows()

result = []

for i in test:

    result.append(len(i[0]))

def merge_same_rc(domain):
    """
    最简单的合并相同的记录
    todo:
    1. 以某时间窗口来进行合并,去掉因为探测导致的问题
    """
    domain_rc = []
    rc_last_updated = []
    db = MySQL(SOURCE_CONFIG)
    tb_name = domain2tb(domain)

    sql = 'select ips, cnames, ns,last_updated from ' + tb_name + ' WHERE domain="%s"'
    db.query(sql % domain)
    rc = db.fetch_all_rows()

    # 域名记录预处理
    for i in rc:
        domain_rc.append([i[0], i[1], i[2]])
        rc_last_updated.append(str(i[3]))

    # 遍历修改记录
    for i in range(0, len(domain_rc) - 1):
        if sorted(domain_rc[i][0]) == sorted(domain_rc[i+1][0]) and sorted(domain_rc[i][1])==sorted(domain_rc[i+1][1]) \
                and sorted(domain_rc[i][2])==sorted(domain_rc[i+1][2]):  # 前后两次的记录是否一致

            ##  若相邻一致的情况
            # 先删除后者记录
            delete_sql = 'delete from ' + tb_name + ' WHERE domain="%s" and last_updated="%s"'
            db.update(delete_sql % (domain, rc_last_updated[i + 1]))
            # 再将前者记录的last_updated时间修改为后者记录的时间
            update_sql = 'update ' + tb_name + ' set last_updated="%s" WHERE domain="%s" AND last_updated="%s"'
            db.update(update_sql %
                      (rc_last_updated[i + 1], domain, rc_last_updated[i]))
        else:
            pass

    db.close()