The invention relates to a network attack scene generation method based on multi-source alarm logs. The method comprises the following steps. First, the alarm logs generated by multiple network security protection devices are collected, and preprocessing extracts the effective alarm log data while removing noisy, redundant, or invalid logs. Next, for the effective alarm logs acquired from a single device, single-source log aggregation and mapping mask the log format differences between devices, and attack event information is parsed and extracted. The attack events extracted from the different sources are then fused and analyzed to generate network attack events with high credibility. Finally, correlation analysis of the attack events generates a network attack scene graph, from which the whole attack process of a single attack operation can be analyzed. Because the multi-source logs are fused, the extracted attack event information depicts the attacks on the network more completely and more reliably; and because the attack scenes are obtained through correlation analysis of the attack events, the attackers' intentions are shown more clearly and the security threat state of the network is reflected more clearly.
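
The pipeline the abstract describes (preprocessing, single-source aggregation and mapping, multi-source fusion, correlation into a scene graph), as an added Python example that is not taken from the patent. The two device log formats, the rule mapping, the 30-second merge window, the credibility score (fraction of devices reporting an event) and the correlation rule are all assumptions made for illustration.

```python
# Constructed sample alerts from two hypothetical devices with different formats.
IDS_LOGS = [
    "1000|10.0.0.5|10.0.0.8|port_scan",
    "1002|10.0.0.5|10.0.0.8|port_scan",   # redundant repeat
    "1060|10.0.0.5|10.0.0.8|exploit",
    "1300|10.0.0.8|10.0.0.9|lateral_move",
    "garbage line",                        # noise
]
FW_LOGS = [
    {"ts": 1001, "from": "10.0.0.5", "to": "10.0.0.8", "rule": "SCAN"},
    {"ts": 1305, "from": "10.0.0.8", "to": "10.0.0.9", "rule": "SMB-LATERAL"},
    {"ts": 1400, "from": "", "to": "10.0.0.9", "rule": "SCAN"},  # invalid: no source
]
FW_RULE_MAP = {"SCAN": "port_scan", "SMB-LATERAL": "lateral_move"}  # assumed mapping
WINDOW = 30  # seconds; assumed merge window

def parse_ids(line):  # map a pipe-delimited IDS line to the common schema; None if malformed
    p = line.split("|")
    if len(p) != 4 or not p[0].isdigit():
        return None
    return {"ts": int(p[0]), "src": p[1], "dst": p[2], "type": p[3], "devs": {"ids"}}

def parse_fw(rec):  # map a firewall record to the common schema; None if invalid or unmapped
    if not rec.get("from") or rec.get("rule") not in FW_RULE_MAP:
        return None
    return {"ts": rec["ts"], "src": rec["from"], "dst": rec["to"],
            "type": FW_RULE_MAP[rec["rule"]], "devs": {"fw"}}

def merge(alerts):
    """Collapse alerts with equal (src, dst, type) within WINDOW seconds of the previous match."""
    out = []
    for a in sorted((x for x in alerts if x), key=lambda x: x["ts"]):
        key = (a["src"], a["dst"], a["type"])
        hit = next((e for e in out if e["key"] == key and a["ts"] - e["last"] <= WINDOW), None)
        if hit:
            hit["last"], hit["devs"] = a["ts"], hit["devs"] | a["devs"]
        else:
            out.append({**a, "key": key, "last": a["ts"]})
    return out

def build_scene(ids_logs, fw_logs):
    per_source = [merge(map(parse_ids, ids_logs)), merge(map(parse_fw, fw_logs))]
    events = merge(e for src in per_source for e in src)   # multi-source fusion
    for e in events:
        e["cred"] = len(e["devs"]) / len(per_source)       # assumed credibility score
    # Assumed rule: link each event to the latest earlier event targeting a host it involves.
    edges = [(p[-1]["type"], b["type"]) for i, b in enumerate(events)
             if (p := [a for a in events[:i] if a["dst"] in (b["src"], b["dst"])])]
    return events, edges
```

On the constructed input, the exploit event is reported by only one device and therefore scores lower than the scan and lateral-movement events that both devices saw.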