
Network event association analysis method and device, and computer equipment

A correlation analysis technology for network events, applied in data exchange networks, electrical components, digital transmission systems, etc. It addresses problems such as insufficient rule correlation, a high event false alarm rate, and interference with effective alarms, with the effect of increasing the diversity of rule conditions, providing comprehensive intrusion information, and reducing alarm storms.

Active Publication Date: 2021-08-13
BEIJING CHANGYANG TECH CO LTD
16 Cites, 4 Cited by

AI Technical Summary

Problems solved by technology

Huge and complex information sources make the information that security personnel need to process more and more complicated, making it impossible for them to effectively judge the importance of alarms and the path of problems.
[0003] Most attack (intrusion) events in a network environment do not occur independently; there is an inevitable relationship between them, but this relationship cannot be effectively recorded because the components are independent and isolated from one another.
At present, most intrusion detection rules have simple logic: they record the occurrence and location of an event and trigger an alarm when a configured threshold is reached. The large volume of alarm information sent interferes with effective alarms and causes event alarm storms. Because the rules are simple, many matching operations also result in false alarms, so the event false alarm rate is high.



Examples


Embodiment Construction

[0035] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the embodiments of the present invention. Obviously, the described embodiments are a part of the embodiments of the present invention, but not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0036] As shown in Figure 1, a network event correlation analysis method provided by an embodiment of the present invention includes the following steps:

[0037] Step S1, setting an event correlation description file, which is used to describe correlation rules, and records attributes of multiple event nodes and multiple intrusion path...


Abstract

The invention relates to a network event association analysis method and device, computer equipment and a computer readable storage medium. The method comprises the following steps: setting an event association description file; updating rule information according to the event association description file, and initializing the obtained rule information into an internal rule path diagram; obtaining the reported event, generating a state machine, enabling the state machine to run on the internal rule path diagram according to the reported event, and storing the running record of each step; when the state machine advances to the event node used for reporting the alarm, uploading the alarm information, and destroying the state machine; and judging whether the detection is continued or not: if so, returning to wait for triggering of a newly reported event. According to the method, intrusion event detection can be realized, and the method has the advantages of being diversified in rule condition, clear in intrusion route, low in false alarm rate and clear in context relationship.
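The steps in the abstract can be followed in a small sketch. This is an added example, not code from the patent: the rule description layout, the use of the source address as the correlation key, and the names `RULE_DESCRIPTION`, `CorrelationEngine` and `SAMPLE_EVENTS` are assumptions made for illustration.

```python
RULE_DESCRIPTION = {  # constructed; layout is an assumption, not the patent's file format
    "nodes": {  # event nodes and their attributes
        "scan": {"event": "port_scan"},
        "brute": {"event": "login_bruteforce"},
        "login": {"event": "login_success", "alarm": "scan, brute force, then login"},
    },
    "paths": [("scan", "brute"), ("brute", "login")],  # intrusion path edges
    "entry": ["scan"],
}

class CorrelationEngine:
    def __init__(self, description):
        self.nodes, self.entry = description["nodes"], description["entry"]
        # Internal rule path graph: node name -> successor node names.
        self.graph = {name: [] for name in self.nodes}
        for src, dst in description["paths"]:
            self.graph[src].append(dst)
        self.machines = {}  # correlation key -> live state machine
        self.alarms = []    # stands in for the alarm upload channel

    def report(self, src, etype):
        machine = self.machines.get(src)  # assumed correlation key: source address
        if machine is None:
            # Only an event matching an entry node generates a state machine.
            for name in self.entry:
                if self.nodes[name]["event"] == etype:
                    self.machines[src] = {"node": name, "record": [etype]}
            return
        for nxt in self.graph[machine["node"]]:
            if self.nodes[nxt]["event"] == etype:
                machine["node"] = nxt
                machine["record"].append(etype)  # running record of each step
                if "alarm" in self.nodes[nxt]:
                    self.alarms.append({"src": src, "rule": self.nodes[nxt]["alarm"],
                                        "path": list(machine["record"])})
                    del self.machines[src]  # destroy the machine once it has alarmed
                return

SAMPLE_EVENTS = [  # constructed (src, type) pairs; documentation addresses
    ("192.0.2.5", "port_scan"), ("192.0.2.9", "login_success"),
    ("192.0.2.5", "login_bruteforce"), ("192.0.2.7", "port_scan"),
    ("192.0.2.5", "login_success"),
]

def run_sample():
    engine = CorrelationEngine(RULE_DESCRIPTION)
    for src, etype in SAMPLE_EVENTS:
        engine.report(src, etype)
    return engine
```

On the sample input, the isolated `login_success` from 192.0.2.9 raises nothing, the lone scan from 192.0.2.7 leaves a pending state machine, and only 192.0.2.5 produces an alarm that carries its full recorded path.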

Description

Technical field

[0001] The invention relates to the technical field of computer and network security, in particular to a network event correlation analysis method and device, computer equipment, and a computer-readable storage medium.

Background technique

[0002] With the development of computer technology and network technology, the diversity of business systems makes intrusion methods complex and hidden. Common security devices include firewalls, intrusion detection systems, certificate authorization systems, integrity check tools, anti-virus software, etc. The independence of these security components produces redundant alarms, and the alarms have no context. The huge number of information sources makes the information that security personnel need to process more and more complicated, making it impossible for them to effectively judge the importance of alarms and the path of problems.

[0003] Most of the attack (intrusion) events in the network environment do not o...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/065, H04L63/1416
Inventor: 张鑫, 沈志淳, 姜海昆, 范宇
Owner: BEIJING CHANGYANG TECH CO LTD