package org.hogzilla.dns;

import org.apache.hadoop.hbase.client.Result;
import org.apache.hadoop.hbase.io.ImmutableBytesWritable;
import org.apache.spark.SparkContext;
import org.apache.spark.mllib.clustering.KMeans;
import org.apache.spark.mllib.clustering.KMeansModel;
import org.apache.spark.mllib.linalg.Vector;
import org.apache.spark.mllib.linalg.Vectors$;
import org.apache.spark.rdd.RDD;
import org.apache.spark.rdd.RDD$;
import org.hogzilla.event.HogEvent;
import org.hogzilla.event.HogSignature;
import org.hogzilla.util.HogFlow;
import scala.Array$;
import scala.Predef$;
import scala.Tuple2;
import scala.Tuple3;
import scala.Tuple4;
import scala.collection.TraversableLike;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.Map;
import scala.collection.mutable.Map$;
import scala.collection.mutable.StringBuilder;
import scala.collection.parallel.mutable.ParIterable$;
import scala.math.Ordering;
import scala.reflect.ClassTag;
import scala.reflect.ClassTag$;
import scala.runtime.BoxesRunTime;
import scala.runtime.ScalaRunTime$;
import scala.runtime.Tuple3Zipped$;
import scala.runtime.Tuple3Zipped$Ops$;

/* compiled from: HogDNS.scala */
/* loaded from: input_file:org/hogzilla/dns/HogDNS$.class */
public final class HogDNS$ {
    public static final HogDNS$ MODULE$ = null;
    private final Tuple2<HogSignature, HogSignature> signature;
    private final int numberOfClusters;
    private final double maxAnomalousClusterProportion;
    private final double minDirtyProportion;

    static {
        new HogDNS$();
    }

    public Tuple2<HogSignature, HogSignature> signature() {
        return this.signature;
    }

    public int numberOfClusters() {
        return this.numberOfClusters;
    }

    public double maxAnomalousClusterProportion() {
        return this.maxAnomalousClusterProportion;
    }

    public double minDirtyProportion() {
        return this.minDirtyProportion;
    }

    public void run(RDD<Tuple2<ImmutableBytesWritable, Result>> rdd, SparkContext sparkContext) {
        kmeans(rdd);
    }

    public HogEvent kmeansPopulate(HogEvent hogEvent) {
        hogEvent.data().get("centroids");
        hogEvent.data().get("vector");
        hogEvent.data().get("clusterLabel");
        hogEvent.text_$eq(new StringBuilder().append("This flow was detected by Hogzilla as an abnormal activity. In what follows you can see more information.\nHostname mentioned in DNS flow: ").append(hogEvent.data().get("hostname")).append("\n").append("Hogzilla module: HogDNS, Method: k-means clustering with k=").append(BoxesRunTime.boxToInteger(numberOfClusters())).append("\n").append("URL for more information: http://ids-hogzilla.org/signature-db/").append(new StringOps(Predef$.MODULE$.augmentString("%.0f")).format(Predef$.MODULE$.genericWrapArray(new Object[]{BoxesRunTime.boxToDouble(((HogSignature) signature()._1()).signature_id())}))).append("\n").append("").toString());
        hogEvent.signature_id_$eq(((HogSignature) signature()._1()).signature_id());
        return hogEvent;
    }

    public void kmeans(RDD<Tuple2<ImmutableBytesWritable, Result>> rdd) {
        String[] strArr = {"flow:avg_packet_size", "flow:packets_without_payload", "flow:avg_inter_time", "flow:flow_duration", "flow:max_packet_size", "flow:bytes", "flow:packets", "flow:min_packet_size", "flow:packet_size-0", "flow:inter_time-0", "flow:packet_size-1", "flow:dns_num_queries", "flow:dns_num_answers", "flow:dns_ret_code", "flow:dns_bad_packet", "flow:dns_query_type", "flow:dns_rsp_type"};
        Predef$.MODULE$.println("Filtering HogRDD...");
        RDD cache = rdd.map(new HogDNS$$anonfun$2(), ClassTag$.MODULE$.apply(HogFlow.class)).filter(new HogDNS$$anonfun$3()).cache();
        Predef$.MODULE$.println("Counting HogRDD...");
        long count = cache.count();
        Predef$.MODULE$.println(new StringBuilder().append("Filtered HogRDD has ").append(BoxesRunTime.boxToLong(count)).append(" rows!").toString());
        if (count == 0) {
            return;
        }
        Predef$.MODULE$.println("Calculating some variables to normalize data...");
        RDD cache2 = cache.map(new HogDNS$$anonfun$4(strArr), ClassTag$.MODULE$.apply(ScalaRunTime$.MODULE$.arrayClass(Double.TYPE))).cache();
        int length = ((double[]) cache2.first()).length;
        double[] dArr = (double[]) cache2.reduce(new HogDNS$$anonfun$5());
        double[] dArr2 = (double[]) Predef$.MODULE$.refArrayOps((Object[]) Predef$.MODULE$.doubleArrayOps((double[]) cache2.fold(new double[length], new HogDNS$$anonfun$6())).zip(Predef$.MODULE$.wrapDoubleArray(dArr), Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.apply(Tuple2.class)))).map(new HogDNS$$anonfun$7(count), Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.Double()));
        double[] dArr3 = (double[]) Predef$.MODULE$.doubleArrayOps(dArr).map(new HogDNS$$anonfun$1(count), Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.Double()));
        Predef$.MODULE$.println("Normalizing data...");
        RDD map = cache.map(new HogDNS$$anonfun$12(strArr, dArr2, dArr3), ClassTag$.MODULE$.apply(Tuple2.class));
        Predef$.MODULE$.println("Estimating model...");
        ClassTag apply = ClassTag$.MODULE$.apply(Tuple4.class);
        ClassTag apply2 = ClassTag$.MODULE$.apply(Vector.class);
        RDD$.MODULE$.rddToPairRDDFunctions$default$4(map);
        RDD cache3 = RDD$.MODULE$.rddToPairRDDFunctions(map, apply, apply2, (Ordering) null).values().cache();
        KMeans kMeans = new KMeans();
        kMeans.setK(numberOfClusters());
        Predef$.MODULE$.println(new StringBuilder().append("Number of vectors: ").append(BoxesRunTime.boxToLong(cache3.count())).toString());
        KMeansModel run = kMeans.run(cache3);
        Predef$.MODULE$.println("Predicting points (ie, find cluster for each point)...");
        RDD map2 = map.map(new HogDNS$$anonfun$14(run), ClassTag$.MODULE$.apply(Tuple3.class));
        Predef$.MODULE$.println("Generating histogram...");
        Map map3 = (Map) map2.map(new HogDNS$$anonfun$15(), ClassTag$.MODULE$.apply(Map.class)).reduce(new HogDNS$$anonfun$16());
        Predef$.MODULE$.println("######################################################################################");
        Predef$.MODULE$.println("######################################################################################");
        Predef$.MODULE$.println("######################################################################################");
        Predef$.MODULE$.println("######################################################################################");
        Predef$.MODULE$.println("DNS K-Means Clustering");
        Predef$.MODULE$.println("Centroids");
        String valueOf = String.valueOf(Predef$.MODULE$.refArrayOps(run.clusterCenters()).mkString(",\n"));
        map3.$div$colon(BoxesRunTime.boxToInteger(0), new HogDNS$$anonfun$kmeans$1());
        double maxAnomalousClusterProportion = maxAnomalousClusterProportion() * count;
        Predef$.MODULE$.println("Selecting cluster to be tainted...");
        Map map4 = (Map) ((TraversableLike) map3.filter(new HogDNS$$anonfun$17(maxAnomalousClusterProportion))).map(new HogDNS$$anonfun$18(), Map$.MODULE$.canBuildFrom());
        map4.par().map(new HogDNS$$anonfun$kmeans$2(map2, valueOf), ParIterable$.MODULE$.canBuildFrom());
        if (map4.isEmpty()) {
            Predef$.MODULE$.println("No flow matched!");
        }
    }

    public void superbag(RDD<Tuple2<ImmutableBytesWritable, Result>> rdd, SparkContext sparkContext) {
    }

    public final Vector org$hogzilla$dns$HogDNS$$normalize$1(Vector vector, double[] dArr, double[] dArr2) {
        return Vectors$.MODULE$.dense((double[]) Tuple3Zipped$.MODULE$.map$extension(Tuple3Zipped$Ops$.MODULE$.zipped$extension(Predef$.MODULE$.tuple3ToZippedOps(new Tuple3(vector.toArray(), dArr2, dArr)), new HogDNS$$anonfun$8(), new HogDNS$$anonfun$9(), new HogDNS$$anonfun$10()), new HogDNS$$anonfun$11(), Array$.MODULE$.canBuildFrom(ClassTag$.MODULE$.Double())));
    }

    private HogDNS$() {
        MODULE$ = this;
        this.signature = new Tuple2<>(new HogSignature(3, "HZ: Suspicious DNS flow identified by K-Means clustering", 2, 1, 8.26000001E8d, 826).saveHBase(), new HogSignature(3, "HZ: Suspicious DNS flow identified by SuperBag", 2, 1, 8.26000002E8d, 826).saveHBase());
        this.numberOfClusters = 9;
        this.maxAnomalousClusterProportion = 0.05d;
        this.minDirtyProportion = 0.001d;
    }
}
