Correlation engine system based on scene and data processing method thereof

A scenario-based correlation engine technology, applied in the field of correlation engine systems, that addresses problems such as the inability to dynamically load and expand, lack of scalability, and the inability to effectively meet the ever-changing needs of the user's network environment.

Inactive Publication Date: 2009-12-09
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0008] 1. Fixed source of events, lack of scalability;
[0009] 2. The static attack behavior detection mode cannot be dynamically loaded and expanded;
[0010] 3. The static response method cannot effectively meet the ever-changing needs of the user's network environment;
[0011] All kinds of existing network security management products are developed for specific application fields or environments; their event collectors, behavior detection modes and response methods all target existing, specific security technologies in order to monitor, control and manage them. Once a new security technology emerges, or the network environment has non-mainstream security requirements, these new technologies can only be applied after being approved by the network security management product manufacturer and after product upgrades. Such products are difficult to configure, expand and remotely control.

Examples


Embodiment Construction

[0048] Referring to Figure 1, the context-based correlation engine system of the present invention includes:

[0049] The core module, which implements the logical analysis function of the correlation engine description language, records the current security state, collects and schedules security events, judges and triggers transition conditions, drives the transition of the current state, and, according to the input data, gives the processing result based on the final transition state. It is the underlying implementation basis of the correlation engine and is independent of specific applications;

[0050] The plug-in module, which loads different plug-ins for the core module, so that the correlation engine expands from an application-independent core module into a correlation engine with specific functions that detects specific attacks, and, by installing or upgrading plug-ins in the core module, realizes the upgrade and expansion of the correlation engi...

Abstract

The invention discloses a correlation engine system based on scene and a data processing method thereof, aiming at mainly overcoming the disadvantages of poor expansibility and flexibility in the existing security management centers. The system is mainly composed of a plug-in module and a core module; wherein the plug-in module realizes different functions of the correlation engine system by configuring and installing an event format expanding plug-in, an event collecting plug-in, a scene analyzing plug-in and a response output plug-in; the core module describes the whole attack process as an attack scene changing states continuously by a management center, is in charge of correlation analysis and processing on warning information reported by each detection sensor, and realizes cooperative work and uniform management of all the sensors. The invention has the advantages of flexible configuration, easy expansibility and high detection rate and is applicable for data processing and analysis of various security management centers and intrusion detection systems.
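An added sketch, not code from the patent, of the architecture the abstract describes: an application-independent core that drives a scenario state machine, with the event-format, event-collection, scenario-analysis and response-output roles supplied as plug-ins. The scenario, state and event names, the sensor line format and the per-source keying of state are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed scenario-analysis plug-in: state -> {event type -> next state}.
# Scenario, state and event names are hypothetical, not taken from the patent.
SSH_SCENARIO = {
    "name": "ssh-compromise",
    "start": "idle",
    "final": "compromised",
    "transitions": {
        "idle": {"port_scan": "probed"},
        "probed": {"auth_failure_burst": "guessing"},
        "guessing": {"auth_success": "compromised"},
    },
}

def parse_sensor_line(line):
    """Event-format plug-in (assumed format): 'sensor|src_ip|event_type'."""
    sensor, src, etype = line.strip().split("|")
    return {"sensor": sensor, "src": src, "type": etype}

@dataclass
class CorrelationCore:
    """Application-independent core; all attack knowledge lives in the plug-ins."""
    scenarios: list = field(default_factory=list)   # scenario-analysis plug-ins
    responders: list = field(default_factory=list)  # response-output plug-ins
    state: dict = field(default_factory=dict)       # (scenario, src) -> state

    def feed(self, event):
        for sc in self.scenarios:
            key = (sc["name"], event["src"])        # assumption: one state per source
            current = self.state.get(key, sc["start"])
            nxt = sc["transitions"].get(current, {}).get(event["type"])
            if nxt is None:
                continue                            # no transition condition met
            self.state[key] = nxt
            if nxt == sc["final"]:
                for respond in self.responders:
                    respond(sc["name"], event)
                del self.state[key]                 # scenario complete, reset

def run_demo():
    alerts = []
    core = CorrelationCore(
        scenarios=[SSH_SCENARIO],
        responders=[lambda name, ev: alerts.append((name, ev["src"]))])
    lines = [  # constructed alerts; this inline list stands in for a collector
        "fw01|203.0.113.7|port_scan",
        "ids01|198.51.100.9|auth_success",          # login with no earlier stages
        "ids01|203.0.113.7|auth_failure_burst",
        "host01|203.0.113.7|auth_success",
    ]
    for line in lines:
        core.feed(parse_sensor_line(line))
    return alerts
```

Only the source that walks through every stage raises an alert; the isolated successful login from the second address never leaves the start state.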

Description

Technical field

[0001] The invention belongs to the technical field of computer security protection, in particular to a scenario-based correlation engine system for processing security data generated by network equipment including routers, switches, firewalls, intrusion detection systems and servers.

Background technique

[0002] In recent years, the computer network has developed from being only a means of communication to a widely used computing infrastructure, especially the Internet, which has become an important network infrastructure that governments, enterprises, financial institutions and thousands of users rely on.

[0003] At the same time, the security monitoring and management of this computer network has also become an important issue. For a long time, people have used intrusion detection system (IDS) products to solve this problem. IDS monitors information on the host system or the network, and searches for network packets, operating system calls, au...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
Inventor: 朱辉, 李晖, 张卫东, 尹钰
Owner: XIDIAN UNIV