APT attack scene recovery detection method and system based on multi-source log correlation analysis

A correlation-analysis and attack-scenario technology, applied in the field of network security, that addresses problems such as poor APT attack detection and achieves simple construction and strong applicability.

Active Publication Date: 2021-11-30
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is to provide a method and system for restoring and detecting APT attack scenarios based on correlation analysis of multi-source logs, which can restore attack scenarios more comprehensively and accurately, in order to solve the problem of poor detection of APT attacks through logs in the above-mentioned prior art, to prevent a high false positive rate and missed detections, and to ensure accurate detection of APT attacks.


Embodiment Construction

[0054] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0055] The APT attack scene recovery detection method based on multi-source log association analysis of the present invention is mainly composed of three stages: identifying events in the system, constructing a scene graph, and detecting APT attacks. See Figure 1; the specific implementation is as follows:

[0056] Step 1, identify events in the system;

[0057] (1a) Collect firewall logs, network traffic records and process logs, analyze the logs, unify the format of log entries, and use 24-dimensional relationship vectors to correlate all log entries, capturing the relationships within and between logs:

[0058] Specifically, first collect logs from different sources (firewall logs, network traffic records, and process logs), analyze the logs, adjust parameters, delete redundancy, and unify the format. The present invention retains...


Abstract

APT attack scene recovery detection method and system based on multi-source log correlation analysis. The detection method includes collecting multi-source logs of hosts, setting new characteristic parameters, using relationship vectors to correlate all log entries, treating all log entries as nodes in a network and the relationships between log entries as edges between nodes, constructing an undirected weighted complex network graph, and using the label propagation algorithm to cluster and identify events; then logs and events are formed into a long sequence in chronological order to mine the logical and temporal relationships among events, an initial sub-partition graph is generated and continuously optimized to obtain the scene graph; then the vector representations of the vertices and edges of the scene graph are learned and clustered, and the new edges and vertices of the updated scene graph are checked for anomalies; after detection is completed, the clustering state is updated to prepare for subsequent detection. The invention can comprehensively and accurately restore the attack scene, prevent a high false alarm rate and missed detections, and efficiently detect APT attacks.
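The first stage described in both the abstract and paragraph [0057] (unify multi-source log entries, relate them with a relationship vector, build an undirected weighted graph and cluster it with label propagation to identify events) is illustrated by the following added example. It is constructed for this page and is not the patent's code: the sample log lines are made up, the three-feature relationship vector (same host, same peer, within 60 seconds) stands in for the 24-dimensional vector the patent mentions but does not enumerate here, and the feature weights and edge threshold are assumptions.

```python
"""Stage 1 of the patent's pipeline, as a constructed illustration (not the
patent's own code): collect logs from several sources, unify their format,
correlate entries with a relationship vector, build an undirected weighted
graph and cluster it with label propagation to identify events.

The 3-feature relationship vector is a stand-in for the patent's
24-dimensional vector; FEATURE_WEIGHTS and EDGE_THRESHOLD are assumptions."""
from collections import defaultdict
from datetime import datetime
import re

# Constructed sample lines from three sources: firewall, network traffic, process log.
RAW_LOGS = [
    "2021-11-30T10:00:01 FW allow src=10.0.0.5 dst=203.0.113.9 dport=443",
    "2021-11-30T10:00:02 NET 10.0.0.5 -> 203.0.113.9 bytes=5120",
    "2021-11-30T10:00:03 PROC host=10.0.0.5 pid=4421 exe=svc_agent.exe",
    "2021-11-30T10:30:00 FW allow src=10.0.0.7 dst=198.51.100.2 dport=80",
    "2021-11-30T10:30:05 PROC host=10.0.0.7 pid=9001 exe=backup.exe",
    "2021-11-30T11:15:00 NET 10.0.0.12 -> 192.0.2.44 bytes=300",
]

# One parser per source; each yields the unified fields ts / host / peer.
PARSERS = {
    "FW": re.compile(r"(?P<ts>\S+) FW \S+ src=(?P<host>\S+) dst=(?P<peer>\S+)"),
    "NET": re.compile(r"(?P<ts>\S+) NET (?P<host>\S+) -> (?P<peer>\S+)"),
    "PROC": re.compile(r"(?P<ts>\S+) PROC host=(?P<host>\S+)"),
}

FEATURE_WEIGHTS = (1.0, 1.0, 0.5)  # assumption: same host, same peer, within 60 s
EDGE_THRESHOLD = 1.0               # assumption: minimum weight for an edge to exist


def unify(lines):
    """Parse heterogeneous log lines into one entry format; unparseable lines are dropped."""
    entries = []
    for line in lines:
        parser = PARSERS.get(line.split()[1])
        m = parser.match(line) if parser else None
        if not m:
            continue
        d = m.groupdict()
        entries.append({"ts": datetime.fromisoformat(d["ts"]), "source": line.split()[1],
                        "host": d["host"], "peer": d.get("peer")})
    return entries


def relationship_vector(a, b):
    """Binary relationship features between two unified entries."""
    same_host = int(a["host"] == b["host"])
    same_peer = int(a["peer"] is not None and a["peer"] == b["peer"])
    within_60s = int(abs((a["ts"] - b["ts"]).total_seconds()) <= 60)
    return (same_host, same_peer, within_60s)


def build_graph(entries):
    """Undirected weighted graph: entries are nodes, weighted relationships are edges."""
    adj = defaultdict(dict)
    for i in range(len(entries)):
        for j in range(i + 1, len(entries)):
            vec = relationship_vector(entries[i], entries[j])
            w = sum(f * wt for f, wt in zip(vec, FEATURE_WEIGHTS))
            if w >= EDGE_THRESHOLD:
                adj[i][j] = w
                adj[j][i] = w
    return adj


def label_propagation(n, adj, max_iter=100):
    """Weighted label propagation: each node adopts the label with the largest total
    edge weight among its neighbours (ties -> smallest label). Nodes are updated in
    index order so the outcome is deterministic; isolated nodes keep their own label."""
    labels = list(range(n))
    for _ in range(max_iter):
        changed = False
        for i in range(n):
            if not adj.get(i):
                continue
            score = defaultdict(float)
            for j, w in adj[i].items():
                score[labels[j]] += w
            best = min(score, key=lambda lab: (-score[lab], lab))
            if best != labels[i]:
                labels[i] = best
                changed = True
        if not changed:
            break
    return labels


def identify_events(lines):
    """Full stage-1 pipeline: returns one list of entry indices per identified event."""
    entries = unify(lines)
    labels = label_propagation(len(entries), build_graph(entries))
    groups = defaultdict(list)
    for idx, lab in enumerate(labels):
        groups[lab].append(idx)
    return sorted(groups.values())


if __name__ == "__main__":
    for event in identify_events(RAW_LOGS):
        print("event:", [RAW_LOGS[i] for i in event])
```

With the sample input the three 10:00 entries on 10.0.0.5 collapse into one event across all three log sources, the two 10:30 entries on 10.0.0.7 form a second event, and the unrelated 11:15 flow stays a singleton; the cross-source linkage is what the patent's "relationships within and between logs" refers to, and the unified entry format is what makes the relationship vector computable between a firewall line and a process line.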

Description

Technical field

[0001] The invention belongs to the field of network security, and in particular relates to an APT attack scene restoration detection method and system based on correlation analysis of multi-source logs.

Background technique

[0002] With the rapid development of computer information technology, people rely more and more on the network for information transmission and interaction. However, incidents that threaten network security occur frequently and have seriously affected the information security of the entire society and of individuals. It is reported that, on average, an Internet computer intrusion event occurs every 20 seconds around the world. In order to protect network security, devices such as firewalls and intrusion detection systems have appeared on the market. These devices perform rule matching based on specific parameters in network data packets and can only alarm on and block behaviors that violate existing rules, which introduces a certain lag. Especially f...


Application Information

Patent Timeline
Patent Type & Authority: Patents (China)
IPC (8): H04L29/06
CPC: H04L63/1425; H04L63/1441
Inventors: 李腾, 张钰洁, 张翔宇, 温子祺, 廖艾林, 杨旭, 魏大卫, 马卓, 沈玉龙, 马建峰
Owner XIDIAN UNIV