marco/ids.alfacom.it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7c204c62b2
ids.alfacom.it/extracted_idf/create_ip_list_test.sql
marco370 0bfe3258b5 Saved progress at the end of the loop 
Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 1c71ce6e-1a3e-4f53-bb5d-77cdd22b8ea3
2025-11-11 09:15:10 +00:00

216 lines
8.1 KiB
SQL
Raw Blame History

-- ============================================
-- TABELLA IP_LIST_TEST PER SISTEMA DDoS v04
-- Sistema di test e comparazione avanzato
-- ============================================
DROP TABLE IF EXISTS ip_list_test;
CREATE TABLE ip_list_test (
id INT AUTO_INCREMENT PRIMARY KEY,
list_name VARCHAR(50) NOT NULL,
ip_address VARCHAR(45) NOT NULL,
risk_level VARCHAR(20) DEFAULT 'MEDIUM',
risk_score DECIMAL(5,2) DEFAULT 0.00, -- Score 0-100
confidence_score DECIMAL(5,2) DEFAULT 0.00, -- Confidence 0-100
-- Nuovi campi per sistema avanzato v04
detection_method VARCHAR(100), -- Metodo di detection utilizzato
feature_importance TEXT, -- JSON con importance delle feature
behavioral_score DECIMAL(5,2) DEFAULT 0.00,
context_score DECIMAL(5,2) DEFAULT 0.00,
anomaly_type VARCHAR(50), -- Tipo di anomalia rilevata
attack_pattern VARCHAR(100), -- Pattern di attacco identificato
-- Metadata per analisi
source_model VARCHAR(50) DEFAULT 'v04_ensemble',
model_version VARCHAR(20) DEFAULT '4.0.0',
processing_time_ms INT DEFAULT 0,
-- Feedback e learning
feedback_status ENUM('pending', 'confirmed_tp', 'confirmed_fp', 'confirmed_tn', 'confirmed_fn') DEFAULT 'pending',
feedback_comment TEXT,
feedback_operator VARCHAR(50),
feedback_timestamp TIMESTAMP NULL,
-- Correlazione e context
subnet_reputation_score DECIMAL(5,2) DEFAULT 0.00,
geo_risk_factor DECIMAL(5,2) DEFAULT 0.00,
threat_intel_match BOOLEAN DEFAULT FALSE,
related_ips TEXT, -- JSON array di IP correlati
-- Tracking temporale avanzato
first_seen TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
last_seen TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
retrieved_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
expires_at TIMESTAMP NULL,
-- Indici per performance
UNIQUE KEY unique_ip_list (ip_address, list_name),
INDEX idx_risk_score (risk_score DESC),
INDEX idx_confidence (confidence_score DESC),
INDEX idx_feedback (feedback_status),
INDEX idx_retrieved_at (retrieved_at),
INDEX idx_expires_at (expires_at),
INDEX idx_list_name (list_name),
INDEX idx_detection_method (detection_method),
INDEX idx_anomaly_type (anomaly_type)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
-- ============================================
-- VISTA PER STATISTICHE AVANZATE
-- ============================================
CREATE OR REPLACE VIEW v_ip_test_stats AS
SELECT
list_name,
COUNT(*) as total_ips,
AVG(risk_score) as avg_risk_score,
AVG(confidence_score) as avg_confidence,
AVG(behavioral_score) as avg_behavioral_score,
AVG(context_score) as avg_context_score,
-- Distribuzione livelli di rischio
SUM(CASE WHEN risk_level = 'CRITICO' THEN 1 ELSE 0 END) as critical_count,
SUM(CASE WHEN risk_level = 'ALTO' THEN 1 ELSE 0 END) as high_count,
SUM(CASE WHEN risk_level = 'MEDIO' THEN 1 ELSE 0 END) as medium_count,
SUM(CASE WHEN risk_level = 'BASSO' THEN 1 ELSE 0 END) as low_count,
-- Feedback status
SUM(CASE WHEN feedback_status = 'confirmed_tp' THEN 1 ELSE 0 END) as true_positives,
SUM(CASE WHEN feedback_status = 'confirmed_fp' THEN 1 ELSE 0 END) as false_positives,
SUM(CASE WHEN feedback_status = 'pending' THEN 1 ELSE 0 END) as pending_review,
-- Performance metrics
AVG(processing_time_ms) as avg_processing_time,
MAX(processing_time_ms) as max_processing_time,
-- Temporal stats
MIN(first_seen) as earliest_detection,
MAX(last_seen) as latest_activity,
COUNT(DISTINCT DATE(first_seen)) as active_days
FROM ip_list_test
GROUP BY list_name;
-- ============================================
-- VISTA PER COMPARAZIONE MODELLI
-- ============================================
CREATE OR REPLACE VIEW v_model_comparison AS
SELECT
model_version,
detection_method,
COUNT(*) as detections,
AVG(risk_score) as avg_risk,
AVG(confidence_score) as avg_confidence,
AVG(processing_time_ms) as avg_time_ms,
-- Accuracy metrics (richiedono feedback)
CASE
WHEN SUM(CASE WHEN feedback_status IN ('confirmed_tp', 'confirmed_fp') THEN 1 ELSE 0 END) > 0
THEN SUM(CASE WHEN feedback_status = 'confirmed_tp' THEN 1 ELSE 0 END) * 100.0 /
SUM(CASE WHEN feedback_status IN ('confirmed_tp', 'confirmed_fp') THEN 1 ELSE 0 END)
ELSE NULL
END as precision_percentage,
SUM(CASE WHEN feedback_status = 'confirmed_tp' THEN 1 ELSE 0 END) as true_positives,
SUM(CASE WHEN feedback_status = 'confirmed_fp' THEN 1 ELSE 0 END) as false_positives,
SUM(CASE WHEN feedback_status = 'pending' THEN 1 ELSE 0 END) as pending_feedback
FROM ip_list_test
GROUP BY model_version, detection_method
ORDER BY avg_risk DESC, precision_percentage DESC;
-- ============================================
-- STORED PROCEDURES PER GESTIONE TEST
-- ============================================
DELIMITER $$
CREATE PROCEDURE add_test_detection(
IN p_ip_address VARCHAR(45),
IN p_list_name VARCHAR(50),
IN p_risk_score DECIMAL(5,2),
IN p_confidence_score DECIMAL(5,2),
IN p_detection_method VARCHAR(100),
IN p_anomaly_type VARCHAR(50),
IN p_processing_time_ms INT
)
BEGIN
DECLARE risk_level_calc VARCHAR(20);
-- Calcola livello di rischio basato su score
SET risk_level_calc = CASE
WHEN p_risk_score >= 85 THEN 'CRITICO'
WHEN p_risk_score >= 70 THEN 'ALTO'
WHEN p_risk_score >= 55 THEN 'MEDIO'
WHEN p_risk_score >= 40 THEN 'BASSO'
ELSE 'NORMALE'
END;
INSERT INTO ip_list_test (
ip_address, list_name, risk_score, confidence_score,
risk_level, detection_method, anomaly_type, processing_time_ms
) VALUES (
p_ip_address, p_list_name, p_risk_score, p_confidence_score,
risk_level_calc, p_detection_method, p_anomaly_type, p_processing_time_ms
)
ON DUPLICATE KEY UPDATE
risk_score = p_risk_score,
confidence_score = p_confidence_score,
risk_level = risk_level_calc,
detection_method = p_detection_method,
anomaly_type = p_anomaly_type,
processing_time_ms = p_processing_time_ms,
last_seen = CURRENT_TIMESTAMP;
END$$
CREATE PROCEDURE add_feedback_test(
IN p_ip_address VARCHAR(45),
IN p_list_name VARCHAR(50),
IN p_feedback_status VARCHAR(20),
IN p_feedback_comment TEXT,
IN p_operator VARCHAR(50)
)
BEGIN
UPDATE ip_list_test
SET
feedback_status = p_feedback_status,
feedback_comment = p_feedback_comment,
feedback_operator = p_operator,
feedback_timestamp = CURRENT_TIMESTAMP
WHERE ip_address = p_ip_address AND list_name = p_list_name;
SELECT ROW_COUNT() as updated_rows;
END$$
CREATE PROCEDURE cleanup_test_data(
IN p_hours_old INT DEFAULT 48
)
BEGIN
DECLARE rows_deleted INT;
DELETE FROM ip_list_test
WHERE retrieved_at < DATE_SUB(NOW(), INTERVAL p_hours_old HOUR);
SET rows_deleted = ROW_COUNT();
SELECT CONCAT('Deleted ', rows_deleted, ' test records older than ', p_hours_old, ' hours') as result;
END$$
DELIMITER ;
-- ============================================
-- DATI DI TEST INIZIALI
-- ============================================
INSERT INTO ip_list_test (ip_address, list_name, risk_score, confidence_score, detection_method, anomaly_type) VALUES
('192.168.100.1', 'ddos_detect_v04_test', 92.5, 87.3, 'ensemble_behavioral', 'syn_flood'),
('10.0.0.50', 'ddos_detect_v04_test', 78.2, 82.1, 'lstm_sequence', 'port_scan'),
('172.16.1.100', 'ddos_detect_v04_test', 65.8, 75.5, 'isolation_forest_context', 'volume_anomaly'),
('203.45.67.89', 'ddos_detect_v04_test', 43.2, 68.9, 'behavioral_profiling', 'suspicious_pattern');
-- Mostra statistiche iniziali
SELECT 'Test table created successfully!' as status;
SELECT * FROM v_ip_test_stats WHERE list_name = 'ddos_detect_v04_test';
Reference in New Issue View Git Blame Copy Permalink