Multi-dimensional event correlation analysis method

An event correlation analysis method, applied in the field of multi-dimensional event correlation analysis, that addresses degraded query performance and data return times that cannot reach second-level response, and that meets the needs of forensics.

Active Publication Date: 2018-03-27
THE THIRD RES INST OF MIN OF PUBLIC SECURITY

AI Technical Summary

Problems solved by technology

Because hundreds of millions of event entries are stored, query performance degrades and data cannot be returned with a second-level response time.


Embodiment Construction

[0028] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific illustrations.

[0029] For suspicious events, this example uses an efficient search engine to quickly list events related to suspicious events through multiple dimensions (IP address, port, time, etc.), so that analysts can find the correlation between events.

[0030] The event retrieval here is the process of querying events according to the conditions; the conditions of the event retrieval include event type, scene type, time, and keywords; the event retrieval results are displayed in the form of a list, and you can click on a certain time to view the details.

[0031] This example uses multiple dimensions to associate related fields and table design, and then stores data based on search engine technology to achieve efficient retrieval output.
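The multi-dimensional lookup described in [0029] to [0031], as an added Python sketch that is not code from the patent: an in-memory inverted index stands in for the search engine, and the field names, the 30-minute window and the sample events are all constructed assumptions. IP terms are indexed without regard to role, so a destination that later appears as a source still correlates.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; field names are assumptions, not the patent's schema.
FIELDS = ("id", "time", "src_ip", "dst_ip", "dst_port", "type")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    (1, "2018-03-01T10:00:05", "10.0.0.5", "192.0.2.10", 22, "ssh-bruteforce"),
    (2, "2018-03-01T10:02:00", "10.0.0.5", "192.0.2.11", 22, "ssh-bruteforce"),
    (3, "2018-03-01T10:10:00", "192.0.2.10", "192.0.2.20", 445, "smb-scan"),
    (4, "2018-03-01T10:15:00", "10.0.0.9", "192.0.2.30", 22, "ssh-login"),
    (5, "2018-03-01T14:00:00", "10.0.0.5", "192.0.2.10", 22, "ssh-bruteforce"),
    (6, "2018-03-01T10:20:00", "10.0.0.77", "192.0.2.99", 80, "http-request"),
]]

def terms(ev):
    """(field label, index term) pairs for one event; IP terms are role-agnostic."""
    return [("src_ip", ("ip", ev["src_ip"])),
            ("dst_ip", ("ip", ev["dst_ip"])),
            ("dst_port", ("dst_port", ev["dst_port"]))]

def build_index(events):
    """Inverted index: term -> set of event ids (stand-in for the search engine)."""
    index = defaultdict(set)
    for ev in events:
        for _, term in terms(ev):
            index[term].add(ev["id"])
    return index

def correlate(suspicious, events, index, window=timedelta(minutes=30)):
    """List (event_id, matched suspicious fields) for events that share at least
    one dimension with `suspicious` inside the time window, most matches first."""
    by_id = {ev["id"]: ev for ev in events}
    t0 = datetime.fromisoformat(suspicious["time"])
    matches = defaultdict(list)
    for label, term in terms(suspicious):
        for eid in index.get(term, ()):
            if eid == suspicious["id"]:
                continue
            if abs(datetime.fromisoformat(by_id[eid]["time"]) - t0) <= window:
                matches[eid].append(label)
    return sorted(matches.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    idx = build_index(EVENTS)
    for eid, dims in correlate(EVENTS[0], EVENTS, idx):
        print(eid, dims)
```

Event 3 is returned because the suspicious event's destination address reappears as a source, which is the kind of link an analyst tracing activity across hosts would want surfaced; event 5 matches every dimension but falls outside the time window.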

[0032] In or...


Abstract

The invention discloses a multi-dimensional event correlation analysis method. A retrieval engine is used to list events related to suspicious events from a plurality of dimensions. In this scheme, an efficient retrieval engine is applied to suspicious events: the events related to a suspicious event are quickly listed through a plurality of dimensions (IP addresses, ports, time and the like), so that the correlation between events can be conveniently presented and the relevant events can be tracked and traced.

Description

Technical field

[0001] The present invention relates to event retrieval technology, in particular to multi-dimensional event correlation analysis technology.

Background technique

[0002] Using a high-performance search engine for fast event retrieval has become an indispensable means in people's work. A combination of multiple conditions, including source address, source port, destination address, destination port, time range, event level, event category, etc., can be used for retrieval.

[0003] When the data query time interval is relatively large, such as data within one year, there are hundreds of millions of stored event entries, so query performance degrades and data cannot be returned with a second-level response time.

Contents of the invention

[0004] Aiming at the problems existing in the existing suspicious event correlation analysis technology, an efficient and accurate suspicious event correlation analysis scheme is needed.

[0005] Therefor...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F17/30
CPC: G06F16/2264, G06F16/2282, G06F16/951
Inventor: 陶源李明
Owner: THE THIRD RES INST OF MIN OF PUBLIC SECURITY