Log correlation analysis system and method

A log correlation analysis system and method, applied in the field of network security management, which addresses the problems of logs that follow no common format or protocol rules, the very large volume of log data, and alerts that lack practical significance; it achieves faster calculation, alerts with practical guidance value for users, and improved objectivity of risk evaluation.

Active Publication Date: 2009-12-23
SHENZHEN Y& D ELECTRONICS CO LTD

AI Technical Summary

Problems solved by technology

[0003] (1) Log information comes from different sources and differs widely in format; firewall logs, IDS logs and security audit system logs, for example, cannot be compared with one another directly.
[0004] (2) The volume of log data is huge, and the real security events are buried among large numbers of redundant logs. Establishing the correlation between log events by manual analysis alone is time-consuming and laborious, so security event correlation analysis technology is needed to quickly and effectively mi




Embodiment Construction

[0048] The core idea is as follows: construct a log event correlation analysis system that uses different detection tools to collect device health data and log data, detect security weaknesses and submit log data in a standard form; extract feature data from the log data with preset regular expressions and assemble it into tagged log events of uniform format; subject the log events to event-vulnerability association, event-asset association and event-chain association analysis in order to reduce false alarms and discover new events; then, from each event's credibility and priority and from the values of the source and target assets it involves, calculate the event's threat value and risk level with respect to the source asset and its attack threat value and risk level with respect to the target asset; and for every event whose threat value exceeds the threshold, respond according to the event's event type identifier.

[0049] As shown in figure 1, it is a functional module sch...



Abstract

The invention provides a log event correlation analysis system and method comprising the steps of: collecting log data; extracting feature data from the log data with a preset regular expression; constructing log events of uniform format from the extracted feature data; querying the handling strategy for each log event; carrying out cross-correlation analysis and event-flow logic correlation analysis on the events as the strategy directs; and carrying out risk evaluation on the log events and responding automatically. The method effectively reduces false alarms, improves the objectivity of risk evaluation, and produces warnings with more practical guidance value for users. The invention also provides a log event correlation analysis system corresponding to the method.
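The pipeline that paragraph [0048] and the abstract describe (regex feature extraction, uniform events, event-vulnerability, event-asset and event-chain association, then a threat value compared against a threshold and a response keyed by event type) is easiest to see end to end in code. The following is an added example written for this page, not code from the patent or from Shenzhen Y&D Electronics: the three log formats, the regular expressions, the asset value, vulnerability, priority and response tables, the credibility weights, the threat formula credibility x priority x asset value, the threshold of 8 and the 60 s chain window are all assumptions chosen for illustration, since the patent names these inputs without giving values.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample lines (not from the patent): a firewall log, a Snort-style
# IDS alert and a host audit record, each in its own format.
RAW_LOGS = [
    "2009-12-01 10:00:01 fw1 DENY TCP 10.0.0.5:4444 -> 192.168.1.10:22",
    "Dec  1 10:00:05 ids1 snort[123]: [1:2001219:1] ET SCAN SSH brute force attempt "
    "{TCP} 10.0.0.5:4445 -> 192.168.1.10:22",
    "2009-12-01T10:00:09 audit host=192.168.1.10 user=root event=login_failure src=10.0.0.5",
    "2009-12-01 10:05:00 fw1 ALLOW TCP 10.0.0.7:5100 -> 192.168.1.20:80",
]

# Preset regular expressions per source, paired with the strptime format of their timestamp.
PATTERNS = {
    "firewall": (re.compile(
        r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ (?P<action>DENY|ALLOW) \w+ "
        r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"), "%Y-%m-%d %H:%M:%S"),
    "ids": (re.compile(
        r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ snort\[\d+\]: \[[\d:]+\] (?P<msg>.+?) "
        r"\{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"), "%b %d %H:%M:%S"),
    "audit": (re.compile(
        r"^(?P<ts>\S+) audit host=(?P<dst>[\d.]+) user=\S+ event=(?P<action>\S+) "
        r"src=(?P<src>[\d.]+)$"), "%Y-%m-%dT%H:%M:%S"),
}

# Hypothetical asset, vulnerability, priority and response tables (the patent names
# these inputs but gives no values).
ASSETS = {"192.168.1.10": 8}                               # asset value 1..10; unknown hosts get 1
VULNS = {("192.168.1.10", 22): "weak SSH password policy"}  # known weakness keyed by (host, port)
PRIORITY = {"fw_allow": 0, "fw_deny": 1, "auth_failure": 2, "ids_alert": 2,
            "ssh_bruteforce_chain": 3}
RESPONSE = {"ids_alert": "alert_analyst", "ssh_bruteforce_chain": "block_source"}
THRESHOLD = 8.0                                            # respond only above this threat value
CHAIN_WINDOW = timedelta(seconds=60)

@dataclass
class LogEvent:                      # uniform-format event built from the regex feature data
    source: str
    ts: datetime
    etype: str
    src: str
    dst: str
    dport: Optional[int]
    credibility: float = 0.5
    threat: float = 0.0
    risk: str = "info"

def normalize(line: str) -> Optional[LogEvent]:
    """Try each source pattern; return a LogEvent, or None for an unrecognised line."""
    for source, (pat, fmt) in PATTERNS.items():
        m = pat.match(line)
        if not m:
            continue
        g = m.groupdict()
        ts = datetime.strptime(g["ts"], fmt)
        if ts.year == 1900:          # syslog header carries no year; 2009 is assumed
            ts = ts.replace(year=2009)
        etype = ("ids_alert" if source == "ids" else
                 ("fw_" if source == "firewall" else "auth_")
                 + g["action"].lower().replace("login_", ""))
        dport = int(g["dport"]) if g.get("dport") else None
        return LogEvent(source, ts, etype, g["src"], g["dst"], dport)
    return None

def correlate(events: list) -> list:
    """Event-vulnerability and event-chain association over normalised events."""
    # Event-vulnerability: an event aimed at a service with a known weakness is
    # credible; anything else is down-weighted, which is where false alarms fall out.
    for e in events:
        e.credibility = 0.8 if (e.dst, e.dport) in VULNS else 0.3
    events.sort(key=lambda e: e.ts)
    # Event chain: deny -> IDS alert -> auth failure from one source against one host
    # inside the window is a new, higher-level event that no single log line shows.
    for e in [x for x in events if x.etype == "fw_deny"]:
        kinds = {x.etype for x in events if x.src == e.src and x.dst == e.dst
                 and e.ts <= x.ts <= e.ts + CHAIN_WINDOW}
        if {"ids_alert", "auth_failure"} <= kinds:
            events.append(LogEvent("correlator", e.ts, "ssh_bruteforce_chain",
                                   e.src, e.dst, e.dport, credibility=0.95))
    return events

def assess(e: LogEvent) -> LogEvent:
    """Event-asset association and risk rating: credibility x priority x target asset value."""
    e.threat = round(e.credibility * PRIORITY.get(e.etype, 1) * ASSETS.get(e.dst, 1), 2)
    e.risk = "high" if e.threat >= 16 else "medium" if e.threat >= 8 else "low"
    return e

def analyze(lines: list) -> tuple:
    """Full pipeline; returns (all events, [(event type, response)] for events above threshold)."""
    events = [assess(e) for e in correlate([ev for ev in map(normalize, lines) if ev])]
    responses = [(e.etype, RESPONSE.get(e.etype, "log_only"))
                 for e in events if e.threat > THRESHOLD]
    return events, responses

if __name__ == "__main__":
    for e in analyze(RAW_LOGS)[0]:
        print(f"{e.ts} {e.etype:<21} {e.src} -> {e.dst} threat={e.threat} risk={e.risk}")
```

On the constructed input the single firewall deny and the audit failure stay below the threshold (the deny because a blocked packet carries low priority, the audit record because it names no service that matches a known weakness), the IDS alert is rated medium and handed to an analyst, and the chain rule derives a new "ssh_bruteforce_chain" event rated high whose response is to block the source. Two caveats a practitioner would add: the vulnerability lookup only reduces false alarms if the vulnerability inventory is current, and the chain rule as written does not de-duplicate when several denies from the same source fall inside one window.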

Description

Technical field [0001] The invention relates to a network security management system and method, and in particular to a log correlation analysis system and method.

Background technique [0002] With the rapid spread of networks, network security management has gradually become a focus, and obtaining the state of a network system from its logs is an important branch of network security management. A complex network system consists of a wide variety of security devices, network devices, host systems and their applications, and generates a large amount of log information every day. How to manage these logs in a unified way, understand the system state in a timely manner by analysing them, discover potential threats and attacks, and respond quickly to abnormal events at the first opportunity is an urgent problem in network and system management, and is also the key to improving the overall security of the network system. The log-based security event mana...

Claims


Application Information

IPC(8): H04L12/24, H04L12/26, H04L29/06
Inventors: 戚建淮, 曾旭东, 唐娟, 刘云, 马诗真
Owner SHENZHEN Y& D ELECTRONICS CO LTD