
A network event correlation analysis method and device, computer equipment

A network event correlation analysis technology, applied in data exchange networks, electrical components, digital transmission systems, etc. It addresses problems such as rules with too little correlation between them, interference with effective alarms, and a high event false-alarm rate, so as to increase the diversity of rule conditions, reduce the effect of alarm storms, and give a comprehensive picture of intrusion information.

Active Publication Date: 2021-10-22
BEIJING CHANGYANG TECH CO LTD

AI Technical Summary

Problems solved by technology

Huge and complex information sources make the information that security personnel need to process increasingly complicated, so that they cannot effectively judge the importance of alarms or trace the path of a problem.
[0003] Most attack (intrusion) events in a network environment do not occur independently; there is an inherent relationship between them, but this relationship cannot form an effective record because the security components are independent and isolated from one another.
At present, most intrusion detection rules are simple in logic: they merely record the occurrence and location of an event and trigger an alarm when a configured threshold is reached. The large volume of alarm information sent interferes with effective alarms and causes event alarm storms; and because the rules are simple, many matching operations produce false alarms, so the event false-alarm rate is high.


Embodiment Construction

[0035] In order to make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention are described clearly and completely below in conjunction with the drawings of those embodiments. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by persons of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

[0036] As shown in figure 1, a network event correlation analysis method provided by an embodiment of the present invention includes the following steps:

[0037] Step S1, setting an event correlation description file, which is used to describe the correlation rules and records the attributes of multiple event nodes and multiple intrusion path...


Abstract

The present invention relates to a network event correlation analysis method and device, computer equipment, and a computer-readable storage medium. The method includes: setting an event correlation description file; updating the rule information according to the event correlation description file, and initializing the obtained rule information as an internal rule path graph; obtaining a reported event, generating a state machine, running the state machine on the internal rule path graph according to the reported event, and saving a record of each step of its operation; when the state machine advances to an event node that reports an alarm, sending the alarm information and destroying the state machine; and judging whether to continue detection, and if so, returning to wait for the next reported event to trigger. The invention can realize intrusion event detection, and has the advantages of diverse rule conditions, clear intrusion lines, a low false-positive rate and clear context relations.
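The method in the abstract and the steps of the embodiment above, as an added illustration (not code from the patent or its owner): the event correlation description file is modelled as a constructed rule path graph, each reported event advances the state machines that are running on it, and a machine that reaches its alarm node reports the alarm with the recorded path and is destroyed. Event attribute names (`type`, `src`) and the rule content are assumptions, as is the constraint that the events on one path share a source address.

```python
from dataclasses import dataclass, field

# Constructed rule path graph standing in for the event correlation description
# file: each rule is an ordered list of event nodes (two or more); the last
# node of a path is the node at which an alarm is reported.
RULE_PATHS = {"scan_bruteforce_login": [{"type": "port_scan"},
                                        {"type": "auth_failure"},
                                        {"type": "auth_success"}]}

@dataclass
class StateMachine:
    rule: str
    src: str               # assumption: events on one path share a source
    step: int = 0          # index of the node reached so far
    trace: list = field(default_factory=list)   # record of every advance

def node_matches(node, event):
    # An event node matches when every attribute it lists is equal.
    return all(event.get(k) == v for k, v in node.items())

class Correlator:
    def __init__(self, rule_paths):
        self.rule_paths, self.machines, self.alarms = rule_paths, [], []

    def report(self, event):
        """Feed one reported event; return the alarms it triggered."""
        raised, survivors = [], []
        for m in self.machines:                  # advance running machines
            path = self.rule_paths[m.rule]
            if m.src == event["src"] and node_matches(path[m.step + 1], event):
                m.step += 1
                m.trace.append(event)
                if m.step == len(path) - 1:      # alarm node: report, destroy
                    raised.append({"rule": m.rule, "src": m.src,
                                   "path": [e["type"] for e in m.trace]})
                    continue
            survivors.append(m)
        self.machines = survivors
        for rule, path in self.rule_paths.items():   # spawn on a first node
            if node_matches(path[0], event):
                self.machines.append(StateMachine(rule, event["src"], 0, [event]))
        self.alarms.extend(raised)
        return raised

def run_demo():
    """Constructed event stream; only source 10.0.0.5 walks the whole path."""
    events = [{"type": "port_scan", "src": "10.0.0.5"},
              {"type": "auth_failure", "src": "10.0.0.9"},   # other source
              {"type": "auth_failure", "src": "10.0.0.5"},
              {"type": "auth_success", "src": "10.0.0.5"}]
    c = Correlator(RULE_PATHS)
    for e in events: c.report(e)
    return c
```

The single auth_failure from 10.0.0.9 advances nothing, so the only alarm carries the full path port_scan, auth_failure, auth_success for 10.0.0.5 and no state machine is left running afterwards.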

Description

Technical field

[0001] The invention relates to the technical field of computer and network security, in particular to a network event correlation analysis method and device, computer equipment, and a computer-readable storage medium.

Background technique

[0002] With the development of computer technology and network technology, the diversity of business systems makes intrusions complex and hidden. Common security devices such as firewalls, intrusion detection systems, certificate authorization systems, integrity check tools and anti-virus software operate independently, and this independence of the security components produces redundant alarms that have no context. The huge number of information sources makes the information that security personnel need to process increasingly complicated, so that they cannot effectively judge the importance of alarms or trace the path of a problem.

[0003] Most of the attack (intrusion) events in the network environment do not o...


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L29/06, H04L12/24
CPC: H04L41/065, H04L63/1416
Inventors: 张鑫, 沈志淳, 姜海昆, 范宇
Owner: BEIJING CHANGYANG TECH CO LTD