Dynamic warehousing method for security events

The method applies to computer security devices, relational databases and database models. It addresses application system instability, the inability to meet customer production environments, and the inability to support multiple relational databases at the same time; its effect is to improve program flexibility and reduce enumeration-style code development.

Active Publication Date: 2015-08-12
FUZHOU BOKE WANGAN INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

In the warehousing process, a traditional security monitoring system encounters two problems. First, attack methods change dynamically, so the security event types that security products can identify must be subdivided further, and the change cycle keeps getting shorter; the program code is therefore updated and modified frequently, which makes the application system unstable. Second, support for relational databases is limited: the system cannot support multiple relational databases at the same time, so it cannot meet complex customer production environments, and even where it can, more customized development is required.


Embodiment Construction

[0020] The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

[0021] As shown in Figure 1, this embodiment provides a method for dynamically storing security events, which specifically includes the following steps:

[0022] Step S1: Define the warehousing rules in an XML format file;

[0023] Step S2: Load the warehousing rules defined in step S1;

[0024] Step S3: Encapsulate the specified database operation function plug-in into a dynamic library DLL, and load the dynamic library DLL to realize a unified database operation interface and subsequent dynamic calls.

[0025] Step S4: Start the TCP network service, receive the collected security events, and define the collected security events as business objects;

[0026] Step S5: Convert the data of the business object received in step S4 into a common JSON format; wherein, the JSON business object has Key and Value values, is easy to use, and can be organically...


Abstract

The invention relates to a dynamic warehousing method for security events. The method comprises the following steps: S1, defining warehousing rules in an XML (Extensible Markup Language) format file; S2, loading the warehousing rules defined in step S1; S3, packaging the designated database operation function plug-ins as a DLL (Dynamic Link Library) and loading the DLL; S4, starting a TCP (Transmission Control Protocol) network service, receiving the collected security events, and defining the collected security events as service objects; S5, converting the data of the service objects received in step S4 into a general JSON (JavaScript Object Notation) format; S6, matching the service objects from step S5 with the corresponding warehousing rules; S7, generating a corresponding set of SQL (Structured Query Language) statements according to the warehousing rules matched in step S6; S8, calling the corresponding database operation function plug-ins to execute the SQL statements according to the database types corresponding to the service objects. With this method, various security events can be conveniently stored in various types of databases, which facilitates further trace analysis by security analysts.
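An added sketch of steps S1, S2 and S5 to S8, not code from the patent: the rule schema (`rule`, `field`, `event_type`, `table`, `key`, `column`), the event's `type` key and the use of bound parameters are assumptions, and a Python DB-API connection stands in for the database plug-in. Because event fields carry attacker-supplied content, table and column names are taken only from the rule file and event values are bound rather than concatenated into the SQL text.

```python
import json
import xml.etree.ElementTree as ET

# Constructed rule file (S1). Element and attribute names are hypothetical.
RULES_XML = """
<rules>
  <rule event_type="sql_injection" table="evt_sqli">
    <field key="src_ip" column="src_ip"/>
    <field key="url" column="url"/>
    <field key="payload" column="payload"/>
  </rule>
  <rule event_type="xss" table="evt_xss">
    <field key="src_ip" column="src_ip"/>
    <field key="payload" column="payload"/>
  </rule>
</rules>
"""

def load_rules(xml_text):
    """S2: parse the rules into {event_type: (table, [(json_key, column), ...])}."""
    rules = {}
    for rule in ET.fromstring(xml_text).iter("rule"):
        fields = [(f.get("key"), f.get("column")) for f in rule.iter("field")]
        rules[rule.get("event_type")] = (rule.get("table"), fields)
    return rules

def build_insert(rules, event_json):
    """S5-S7: match a JSON event to its rule and build one parameterized INSERT."""
    event = json.loads(event_json)
    rule = rules.get(event.get("type"))
    if rule is None:
        return None  # no matching rule: the caller decides to drop or quarantine
    table, fields = rule
    columns = ", ".join(col for _, col in fields)
    marks = ", ".join("?" for _ in fields)
    # Identifiers come only from the rule file; event values are bound parameters.
    values = tuple(event.get(key) for key, _ in fields)
    return f"INSERT INTO {table} ({columns}) VALUES ({marks})", values

def store(conn, rules, event_json):
    """S8: run the statement on a DB-API connection (stand-in for a database plug-in)."""
    stmt = build_insert(rules, event_json)
    if stmt is None:
        return False
    conn.execute(*stmt)
    return True
```

The `?` placeholder style is the one used by `sqlite3`; a plug-in for another database would substitute that driver's parameter style while keeping the same split between rule-defined identifiers and bound values.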

Description

Technical field

[0001] The invention relates to the technical field of network intrusion detection, in particular to a method for dynamically storing security events.

Background art

[0002] Network intrusions are becoming more and more complex, and vulnerabilities in the network application layer have become key attack targets for hackers. When vulnerabilities in the network application layer are exploited, the attacker's data (the attack script) takes many unusual forms in an attempt to bypass various security supervision systems. Accurately and clearly classifying these security events, with their unconventional content, into various relational databases is a cumbersome but important task. For the warehousing process, the traditional security monitoring system will encounter the following two problems: first, the attack methods are changing dynamically, and the security event types that can be identified by security products must be further subdivided, and th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/56, G06F17/30
CPC: G06F16/25, G06F16/284, G06F21/552
Inventor: 王琦张木连刘坤朋张冬青
Owner: FUZHOU BOKE WANGAN INFORMATION TECH CO LTD