
Network security incident correlation method

A security event correlation technology, applicable to electrical components, transmission systems and the like, that addresses problems such as unexplainable classification results, system performance degradation and reduced system execution efficiency, and is easy to deploy and maintain.

Active Publication Date: 2017-12-26
慧医大数据技术(深圳)有限公司

AI Technical Summary

Problems solved by technology

Maintaining a correct rule base takes a lot of work: when attack methods change, more new rules must be maintained and many old rules become redundant. This affects the execution efficiency of the system to a certain extent, and when there are too many redundant rules, system performance drops significantly.
[0007] 2. Statistical correlation methods cannot explain the classification results produced in the course of event correlation.
[0018] The Chinese patent "Network Security Event Correlation Analysis System" with application number 201010613751.2 only sets out a framework for security event collection and communication processing, and does not describe a specific implementation method.


Embodiment Construction

[0061] The invention discloses a method for correlating network security events. It is a similarity calculation method based on an attribute classification tree, and the correlation is performed in two steps.

[0062] In the first step, the original security events are classified by a one-step alarm classification to obtain super-alert information.

[0063] In the second step, the super-alert information obtained from the classification in the first step is merged, and for each combination a set of strongly correlated super-alert events is obtained.

[0064] The method of the present invention is based on the following principle: a network attack can be decomposed into several attack steps, each network attack constitutes one step in the attacker's larger attack plan, and a single attack step may be recorded as numerous intrusion detection alarms.

[0065] The similarity-based event correlation method mainly considers correlating the original security events throu...


Abstract

The invention discloses a network security incident correlation method. The method includes classifying original security incidents to obtain attribute values of each incident, such as IP addresses, port numbers, timestamps, original security incident classification and alarm content; judging the similarity between the attribute values of different original security incidents; correlating the original security incidents according to the similarities among them; and correlating internally related super alarms. The method has the advantage that network security incidents are clustered according to the similarities among the original security incidents, so that internally related super alarms can be correlated well.
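The abstract and the embodiment paragraphs [0061]-[0064] describe the scheme in prose only: score attribute similarity between raw alerts (IP addresses, ports, timestamps, classification, alarm content), cluster similar raw alerts into super-alerts, then link related super-alerts. The following Python is an added illustration of that two-step flow and is not the patent's or the applicant's code. The per-attribute similarity functions (shared leading IP octets, linear time decay, Jaccard over alarm text), the weights, the 0.8 clustering threshold, the same-victim-within-900-seconds linkage rule for step two and the sample alerts are all assumptions constructed for the example.

```python
"""Similarity-based correlation of raw IDS alerts into super-alerts (added example)."""
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass
class Alert:
    src_ip: str
    dst_ip: str
    dst_port: int
    ts: float        # seconds since epoch
    category: str    # IDS classification of the raw event
    content: str     # alarm message text


def ip_similarity(a: str, b: str) -> float:
    """Fraction of leading IPv4 octets shared (assumed measure, not from the patent)."""
    shared = 0
    for x, y in zip(a.split("."), b.split(".")):
        if x != y:
            break
        shared += 1
    return shared / 4


def time_similarity(t1: float, t2: float, window: float = 300.0) -> float:
    """1.0 when simultaneous, decaying linearly to 0 at `window` seconds apart (assumed)."""
    return max(0.0, 1.0 - abs(t1 - t2) / window)


def content_similarity(a: str, b: str) -> float:
    """Jaccard similarity over whitespace tokens of the alarm text (assumed)."""
    ta, tb = set(a.lower().split()), set(b.lower().split())
    if not ta and not tb:
        return 1.0
    return len(ta & tb) / len(ta | tb)


# Assumed attribute weights; they sum to 1 so the score lies in [0, 1].
WEIGHTS = {"src": 0.2, "dst": 0.2, "port": 0.15, "time": 0.15, "category": 0.2, "content": 0.1}


def alert_similarity(x: Alert, y: Alert) -> float:
    parts = {
        "src": ip_similarity(x.src_ip, y.src_ip),
        "dst": ip_similarity(x.dst_ip, y.dst_ip),
        "port": 1.0 if x.dst_port == y.dst_port else 0.0,
        "time": time_similarity(x.ts, y.ts),
        "category": 1.0 if x.category == y.category else 0.0,
        "content": content_similarity(x.content, y.content),
    }
    return sum(WEIGHTS[k] * v for k, v in parts.items())


@dataclass
class SuperAlert:
    members: List[Alert] = field(default_factory=list)

    def similarity_to(self, a: Alert) -> float:
        # The first member acts as the cluster representative.
        return alert_similarity(self.members[0], a)

    def span(self) -> Tuple[float, float]:
        ts = [m.ts for m in self.members]
        return min(ts), max(ts)

    def victims(self) -> Set[str]:
        return {m.dst_ip for m in self.members}


def build_super_alerts(alerts: List[Alert], threshold: float = 0.8) -> List[SuperAlert]:
    """Step 1: greedy single-pass clustering of raw alerts into super-alerts."""
    supers: List[SuperAlert] = []
    for a in sorted(alerts, key=lambda al: al.ts):
        best = max(supers, key=lambda s: s.similarity_to(a), default=None)
        if best is not None and best.similarity_to(a) >= threshold:
            best.members.append(a)
        else:
            supers.append(SuperAlert([a]))
    return supers


def correlate_super_alerts(supers: List[SuperAlert], window: float = 900.0) -> List[List[SuperAlert]]:
    """Step 2: chain super-alerts that hit the same host within `window` seconds (assumed rule)."""
    chains: List[List[SuperAlert]] = []
    for s in sorted(supers, key=lambda sa: sa.span()[0]):
        for chain in chains:
            last = chain[-1]
            if last.victims() & s.victims() and s.span()[0] - last.span()[1] <= window:
                chain.append(s)
                break
        else:
            chains.append([s])
    return chains


def demo() -> Tuple[List[SuperAlert], List[List[SuperAlert]]]:
    # Constructed sample alerts: a scan followed by SSH brute force on one host, plus an unrelated event.
    alerts = [
        Alert("10.0.0.5", "192.168.1.10", 22, 1000, "scan", "portscan detected"),
        Alert("10.0.0.5", "192.168.1.10", 80, 1030, "scan", "portscan detected"),
        Alert("10.0.0.5", "192.168.1.10", 22, 1100, "bruteforce", "ssh brute force login attempts"),
        Alert("10.0.0.5", "192.168.1.10", 22, 1110, "bruteforce", "ssh brute force login attempts"),
        Alert("172.16.3.7", "192.168.2.20", 443, 50000, "dos", "syn flood"),
    ]
    supers = build_super_alerts(alerts)
    return supers, correlate_super_alerts(supers)


if __name__ == "__main__":
    supers, chains = demo()
    for i, s in enumerate(supers):
        print(f"super-alert {i}: {len(s.members)} raw alerts, category {s.members[0].category}")
    for chain in chains:
        print("chain:", " -> ".join(s.members[0].category for s in chain))
```

With the sample input the two scan alerts collapse into one super-alert, the two brute-force alerts into another, and the unrelated flood stays alone; step two then links the scan and brute-force super-alerts into a single chain against 192.168.1.10. Comparing only against the first member of each cluster keeps the pass linear in the number of clusters; a production version would compare against a cluster centroid or all members, and the weights and threshold would be tuned on labelled alert data.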

Description

Technical Field
[0001] The invention belongs to the technical field of computer information security and relates to a post-processing method for an intrusion detection system, in particular to a method for automatically finding the correlation between the original security events generated by an intrusion detection system and obtaining super-alert information.
Background
[0002] An intrusion detection system is a network security device deployed to notify administrators of threats to network services and data. However, the output of an intrusion detection system is considered low-level, because even a relatively simple attack can generate multiple original security events. This makes the analysis of intrusion alarm information very difficult: administrators must try to reconstruct the entire attack pattern, composed of potential attacks, from the collected alarm information, and the collected information inevitably includes some false alarm information. ...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1441; H04L63/20
Inventors: 刘毅, 李渊, 吴峥, 肖霄, 周洁
Owner: 慧医大数据技术(深圳)有限公司