Distributed self-optimized intrusion detection alarm associated system

An intrusion detection system and intrusion detection technology, applied in the field of network security, that solves problems such as low efficiency, poor reliability, and the inability to optimize automatically, and achieves more response time, a lower threshold of use, and improved evaluation accuracy.

Inactive Publication Date: 2011-04-20
HUAZHONG UNIV OF SCI & TECH
0 Cites, 2 Cited by

AI Technical Summary

Problems solved by technology

[0006] The purpose of the present invention is to overcome the above disadvantages, and propose a distributed self-optimizing intrusion detection and alarm correlation system, which solves the problems of poor reliability, low effi


Embodiment Construction

[0047] The present invention will be further described in detail below in conjunction with the accompanying drawings.

[0048] The present invention introduces three feedback loops to automatically optimize the network, eliminate potential misconfigurations, and automatically improve the association knowledge and association rules. A hierarchical alarm association framework flexibly supports distributed application environments, and multiple technologies are integrated to ensure that, in a distributed environment, the system can carry out alarm correlation analysis efficiently. In terms of function and working principle, the system of the present invention includes an alarm library 5, a monitored system information library 6, an intrusion detection system characteristic library 7, an associated knowledge library 8, a local alarm associated analysis module 9, a system response component 10, an alarm acceptance weight information library 11, intr...

Abstract

The invention discloses a distributed self-optimized intrusion detection alarm associated system, which comprises a local alarm associated analysis module, a system response component, an overall associated analysis module, a human-computer interface module, an intrusion detection unit and a plurality of databases. The system uses the properties of the intrusion detection system, alarm multimedia message weighting information and the like to improve the accuracy rate and reduce the quantity of data processed. It achieves automatically optimized configuration by means of three feedback loops, which avoids the influence of erroneous configuration, and it supports distributed application environments and extensibility by combining local association with overall association. The system response component can automatically execute related response actions, which reduces the workload of the security administrator and leaves more response time, and the human-computer interface module provides a convenient and quick management interface for the security administrator, which lowers the threshold for using the system. The system overcomes the defects of the prior system, remarkably improves the detection accuracy rate and efficiency of the system, can defend against distributed large-scale intrusion, and is suitable for modern distributed network application environments.

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a distributed self-optimizing intrusion detection and alarm correlation system.

Background technique

[0002] Among the current mainstream security protection technologies, the firewall's strategy means that it can only be used as a barrier on the network boundary: it cannot prevent attacks that do not pass through the firewall, and it also has difficulty preventing attacks from inside the network and the threat of network viruses. Security isolation technology generally has limitations such as high construction and maintenance costs, inconvenient use, poor usability, slow transmission speed and a high hardware failure rate, and it requires dedicated communication hardware and proprietary switching protocols, which limits its range of application. Security assessment technology cannot adopt different protection methods according to different attac...

Application Information

IPC(8): H04L12/24, H04L29/06
Inventor: 王乘, 蒋少华
Owner: HUAZHONG UNIV OF SCI & TECH