A regular old accumulate could do this. Doesn't even have to be custom:
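    rule "many bogus attempts"
    when
        $login : Login( $baseName : name )
        // Count the other Logins whose name is close to this one.
        // levenshtein() is a user-supplied function; the distance limit
        // of 2 is an assumed value (the original post gave none).
        $total : Number( intValue > 5 ) from accumulate(
            Login( this != $login, eval( levenshtein( name, $baseName ) <= 2 ) ),
            init( int total = 0; ),
            action( total++; ),
            reverse( total--; ),
            result( total ) )
    then
        // ALARM!
    end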
This basically says "accumulate all Logins where the name is within a levenshtein distance of a given Login and freak out if there's more than X."
This rule isn't all fusiony, but you get the idea. Also, the eval in the accumulate could be a custom operator for readability.
--- On Tue, 6/22/10, Earnest Dyke <earniedyke@yahoo.com> wrote:
From: Earnest Dyke <earniedyke@yahoo.com>
Subject: Re: [rules-users] Inter-fact comparison
To: "Rules Users List" <rules-users@lists.jboss.org>
Date: Tuesday, June 22, 2010, 2:57 PM
Thanks for the quick reply.
Yes, the original facts are already coming in via a stream (Fusion) to an existing set of rules, so I was hoping to build on that. What I am trying to do is evaluate login information as users are attempting to log in, trying to identify hack attempts by a person trying to log in with a slightly different user name over a given period of time.
Earnie!
From: David Sinclair <dsinclair@chariotsolutions.com>
To: Rules Users List <rules-users@lists.jboss.org>
Sent: Tue, June 22, 2010 3:47:36 PM
Subject: Re: [rules-users] Inter-fact comparison
Hi Earnie,
What you are explaining seems pretty straightforward and would more likely than not be overkill to use a rule engine. Are there other aspects of the system you are leaving out that warrant the use of Drools?
dave
2010/6/22 Earnest Dyke <earniedyke@yahoo.com>
Greetings all,
I have a requirement to compare a set of facts against each other, calculate a value that indicates the amount of difference (Levenshtein distance) between a single attribute on each fact. So I load all of my facts into working memory then what? Do I execute a rule first that creates a new set of facts which is a Cartesian product of the original set of facts, each new fact containing a reference to two original facts and the diff between them? Looked at using a custom accumulate function but I don't think that's going to do what I need since it is intended to go through a set of facts and return a single value.
Any and all related help is appreciated.
Earnie!
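The check discussed in this thread (count the other recent logins whose user name is within a small Levenshtein distance of the current one, and alarm above a limit), sketched outside Drools as an added example; it is not code from the thread or from the Drools project. The "more than 5" limit follows the rule above, while the distance limit of 2, the 300-second window, the class and function names and the sample events are assumptions.

```python
from collections import deque

def levenshtein(a, b):
    """Edit distance by two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

class SimilarLoginDetector:
    """Alarm when more than min_similar other recent logins have a near-identical name."""

    def __init__(self, max_distance=2, min_similar=5, window_seconds=300):
        self.max_distance = max_distance  # assumed distance limit
        self.min_similar = min_similar    # "> 5", as in the rule above
        self.window = window_seconds      # assumed time window
        self.recent = deque()             # (timestamp, name), oldest first

    def observe(self, ts, name):
        # Drop attempts that have slid out of the time window.
        while self.recent and ts - self.recent[0][0] > self.window:
            self.recent.popleft()
        # Compare the new attempt with every other attempt still in the window.
        similar = sum(1 for _, other in self.recent
                      if levenshtein(other, name) <= self.max_distance)
        self.recent.append((ts, name))
        return similar > self.min_similar

# Constructed sample: (seconds, attempted user name). Not real log data.
SAMPLE = [(0, "alice"), (10, "admin"), (20, "admim"), (30, "adm1n"),
          (40, "bob"), (50, "admin1"), (60, "admn"), (70, "aadmin"),
          (80, "admin"), (90, "adnin")]

def alarms(events, **settings):
    """Return the timestamps at which the detector raised an alarm."""
    detector = SimilarLoginDetector(**settings)
    return [ts for ts, name in events if detector.observe(ts, name)]

if __name__ == "__main__":
    print(alarms(SAMPLE))                     # default 300-second window
    print(alarms(SAMPLE, window_seconds=30))  # short window: attempts expire
```

Each new attempt is compared only against attempts still inside the window, so the cost per login is linear in the window size rather than a Cartesian product over all facts.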