审计打分系统

来源：互联网发布：架子鼓调音软件下载编辑：程序博客网时间：2024/04/29 06:23

最近在帮老师做一个项目，有关审计系统的打分。该系统运行框架是用户在web端提交http请求，通过服务器转换成SQL语句，然后到数据库中去进行数据查询修改等。审计系统运行在服务器与数据库中间，起到一个网关的作用，它能接受到http请求以及服务器传递过来的SQL查询语句还有用户IP地址等一系列东西，主要实现的是数据的监控。具体细节我也不清楚，总之是来打酱油的。

下面说说评分系统，该系统针对HTTP请求和产生的SQL语句进行分析，也就是针对一条http请求中？后面的字段，让其与服务器产生的众多SQL语句查询字段进行比较，通过比较得出一个得分。该得分包括两个部分内容，一个是相似性，这里考虑的是最长公共子串LCS，另一个是时间性，权衡结果是如果LCS越长，而且时间越靠近当前时间那么得分就越高。当然这两个方面各自所占的比例还是不清楚的，老师暂时安排是一半对一半。

编写了一个小程序模拟了一下过程，涉及到LCS，快排，文件等知识，用处还是挺大的，放在下面，其中时间就用出现的序号进行模拟了，处理速度还行，快排确实很牛，LCS矩阵分析亦是如此。

#include <stdio.h>#include <string.h>#include <stdlib.h>#define R1 0.5//LCS比例#define R2 0.5//时间比例#define MaxNum 10000//待比较的SQL语句条数char str1[1002],str2[MaxNum][1002];//返回str1,str2的最长公共之串长度int commstr(char *str1, char *str2){int len1=strlen(str1),len2=strlen(str2),row,col,max=0;int **pf = new int*[len1+1];//动态分配一个二维数组作为辅助空间for (row=0; row<len1+1; row++)pf[row] = new int[len2+1];//数组赋初值for (row=0; row<len1+1; row++)pf[row][0] = 0;for (col=0; col<len2+1; col++)pf[0][col] = 0;for (row=1; row<=len1; row++)for (col=1;col<=len2; col++){if (str1[row-1] == str2[col-1]){pf[row][col] = pf[row-1][col-1] + 1;max = pf[row][col] > max ? pf[row][col] : max;}elsepf[row][col] = 0;}//空间回收     for (row=0; row<len1+1; row++)delete[] pf[row];delete[] pf;return max;                   }//排序算法void QuickSort(double e[],int location[],int first, int end){int i=first,j=end,temp2=location[first];double temp=e[first];while(i<j){while(i<j && e[j]<=temp)j--;e[i]=e[j];location[i]=location[j];while(i<j && e[i]>=temp)i++;e[j]=e[i];location[j]=location[i];}e[i]=temp;location[i]=temp2;if(first<i-1)QuickSort(e,location,first,i-1);if(end>i+1)QuickSort(e,location,i+1,end);}void  createfile(int num,int length){FILE *stream;char s[27]="abcdefghijklmnopqrstuvwxyz";char list[1002];int i,  numwritten;int j;if( (stream = fopen( "sql.txt", "w+t" )) != NULL ) { for(j=0;j<num;j++){for ( i = 0; i < length; i++ ) list[i] = s[rand()%26]; list[i]='\n';numwritten = fwrite( list, sizeof( char ), length+1, stream ); }printf("file has been created\n");fclose( stream ); } }int main(){int t;int length;int sqlnumber;int sqllength;double lCSratio[MaxNum];int location[MaxNum];double ratio[MaxNum];FILE *fp;printf("please input the sql sentence number(Max=10000)\n");scanf("%d",&sqlnumber);printf("please input the each sql sentence length(Max=1000)\n");scanf("%d",&sqllength);if(sqlnumber<=10000&&sqllength<=1000)    {createfile(sqlnumber,sqllength);}elseprintf("wrong input!\n");if((fp=fopen("sql.txt","rt"))==NULL){        printf("Error Opening File.\n");            }printf("please enter the http sentence(Max=1000)\n");scanf("%s",&str1);length=strlen(str1);for(t=0;t<sqlnumber;t++){fgets(str2[t], sizeof(str2[t]), fp);lCSratio[t]=(double)commstr(str1,str2[t])/length;location[t]=t;}fclose(fp);for(t=0;t<sqlnumber;t++){ratio[t]=(double)(R1*lCSratio[t]+R2*1/(t+1));//比例计算,50%为LCS长度在整个字符串中所占比例，50%为时间比例}//针对比例进行排序QuickSort(ratio,location,0,sqlnumber-1);if((fp=fopen("result.txt","w"))==NULL){        printf("Error Opening File.\n");            }fprintf(fp,"The whole rank list\n");for(t=0;t<sqlnumber;t++)fprintf(fp,"The ID:%d The Ratio:%lf The SQL:%s\n",location[t],ratio[t],str2[location[t]]);printf("Job Done\n");    return 0;}

后来发现快排不稳定，于是改成了归并排序，这样就能保证相同情况下序号靠前的就排在前面了

#include <stdio.h>#include <string.h>#include <stdlib.h>#define R1 0.5//LCS比例#define R2 0.5//时间比例#define MaxNum 10000//待比较的SQL语句条数char str1[1002],str2[MaxNum][1002];//返回str1,str2的最长公共之串长度int commstr(char *str1, char *str2){int len1=strlen(str1),len2=strlen(str2),row,col,max=0;int **pf = new int*[len1+1];//动态分配一个二维数组作为辅助空间for (row=0; row<len1+1; row++)pf[row] = new int[len2+1];//数组赋初值for (row=0; row<len1+1; row++)pf[row][0] = 0;for (col=0; col<len2+1; col++)pf[0][col] = 0;for (row=1; row<=len1; row++)for (col=1;col<=len2; col++){if (str1[row-1] == str2[col-1]){pf[row][col] = pf[row-1][col-1] + 1;max = pf[row][col] > max ? pf[row][col] : max;}elsepf[row][col] = 0;}//空间回收     for (row=0; row<len1+1; row++)delete[] pf[row];delete[] pf;return max;                   }//归并排序void merge(double data[],int location[], int p, int q, int r) {         int i, j, k, n1, n2;         double L[MaxNum];   int LL[MaxNum];    double R[MaxNum]; int RL[MaxNum];n1 = q - p + 1;         n2 = r - q;     for(i = 0, k = p; i < n1; i++, k++)         {L[i] = data[k];LL[i]=location[k];}    for(i = 0, k = q + 1; i < n2; i++, k++)             {R[i] = data[k];RL[i]=location[k];}    for(k = p, i = 0, j = 0; i < n1 && j < n2; k++)         {                 if(L[i] >= R[j])                 {                         data[k] = L[i];    location[k]=LL[i];            i++;                 }                 else                 {                         data[k] = R[j];  location[k]=RL[j];            j++;                 }     }    if(i < n1)         {                 for(j = i; j < n1; j++, k++)             {data[k] = L[j];location[k]=LL[j];}    }      if(j < n2)         {                 for(i = j; i < n2; i++, k++)             { data[k] = R[i];location[k]=RL[i];}    }  }void merge_sort(double data[], int location[],int p, int r) {         if(p < r)         {                 int q = (p + r) / 2;                 merge_sort(data,location, p, q);                 merge_sort(data, location,q + 1, r);                 merge(data, location,p, q, r);         } } void  createfile(int num,int length){FILE *stream;char s[27]="abcdefghijklmnopqrstuvwxyz";char list[1002];int i,  numwritten;int j;if( (stream = fopen( "sql.txt", "w+t" )) != NULL ) { for(j=0;j<num;j++){for ( i = 0; i < length; i++ ) list[i] = s[rand()%26]; list[i]='\n';numwritten = fwrite( list, sizeof( char ), length+1, stream ); }printf("file has been created\n");fclose( stream ); } }int main(){int t;int sqlnumber;int sqllength;int location[MaxNum];double LCS[MaxNum]; int LCSRank[MaxNum];double ratio[MaxNum];FILE *fp;printf("please input the sql sentence number(Max=10000)\n");scanf("%d",&sqlnumber);printf("please input the each sql sentence length(Max=1000)\n");scanf("%d",&sqllength);if(sqlnumber<=10000&&sqllength<=1000)    {createfile(sqlnumber,sqllength);}elseprintf("wrong input!\n"); if((fp=fopen("sql.txt","rt"))==NULL){        printf("Error Opening File.\n");            }printf("please enter the http sentence(Max=1000)\n");scanf("%s",&str1);for(t=0;t<sqlnumber;t++){fgets(str2[t], sizeof(str2[t]), fp);LCS[t]=(double)commstr(str1,str2[t]);location[t]=t;}fclose(fp);//使用归并排序merge_sort(LCS,location,0,sqlnumber-1);for(t=0;t<sqlnumber;t++){LCSRank[location[t]]=t;}if((fp=fopen("resultLCS.txt","w"))==NULL){        printf("Error Opening File.\n");            }for(t=0;t<sqlnumber;t++){fprintf(fp,"The ID:%d The LCS:%.0lf The LCSRank:%d The SQL:%s\n",location[t],LCS[t],LCSRank[location[t]],str2[location[t]]);}fclose(fp);for(t=0;t<sqlnumber;t++){ratio[t]=(double)(R1*1.0/(LCSRank[t]+1)+R2*1.0/(t+1));//比例计算,50%为LCS长度排名比例，50%为时间排名比例location[t]=t;}//使用归并排序merge_sort(ratio,location,0,sqlnumber-1);if((fp=fopen("result.txt","w"))==NULL){        printf("Error Opening File.\n");            }fprintf(fp,"the http str is: %s\n", str1);fprintf(fp,"The whole rank list\n");for(t=0;t<sqlnumber;t++){fprintf(fp,"The ID:%d The Ratio:%lf The SQL:%s\n",location[t],ratio[t],str2[location[t]]);}fclose(fp);printf("Job Done\n");    return 0;}