Association analysis method and system for massive logs

A correlation analysis and log technology, applied in the field of information security, which addresses problems such as the difficulty of assessing network security conditions, the difficulty of understanding system security threats, and security managers spending their time processing useless information.

Inactive Publication Date: 2010-06-16
Assignee: BEIJING VENUS INFORMATION TECH (and 3 others)

AI Technical Summary

Problems solved by technology

Because of the large number of alarms, many of them irrelevant, most of the effort of security management personnel is spent processing useless information, and it is difficult to understand the security threat status of the system.
[0005] 2. Most existing intrusion detection equipment performs detection on single data packets, and this is reflected in how results are presented: each alarm from the intrusion detection equipment is an isolated intrusion event. As a result, when large-scale abnormal network behaviour occurs, it is difficult to obtain the characteristics of that behaviour intuitively from the alarm information, and difficult to evaluate the current network security situation as a whole.


Embodiment Construction

[0041] Specific embodiments of the present invention will be described in detail below in conjunction with the accompanying drawings.

[0042] Figure 1 is a schematic structural diagram of a massive log association analysis system according to an embodiment of the present invention. The massive log correlation analysis system 100 according to this embodiment includes an entropy module unit 101, a triple module unit 102, a hot event propagation display module unit 103, and a comprehensive correlation analysis module unit 104.

[0043] The entropy module unit 101 is used to read the intrusion detection device log within a specified time period, then calculate the entropy distribution values of the source addresses and destination addresses in the intrusion detection device log, judge whether a large-scale network security event exists, and then provide the comprehensive correlation analysis module unit 104 with the judgment result of the address distribution status of the c...


Abstract

The invention discloses an association analysis method and an association analysis system for massive logs, which evaluate the current network security condition and describe the attacks currently receiving the most attention, based on the massive logs generated by an intrusion detection device. The method comprises the following steps: acquiring the logs of the intrusion detection device, and judging whether a large-scale network security event exists by calculating the distribution of source addresses and destination addresses in those logs; merging the logs of the intrusion detection device according to source address, destination address and event type, and detecting and reporting abnormal addresses and hot events; counting the propagation of the hot events within a specific time period and displaying it graphically; and associating the output results to give a comprehensive evaluation of the current network security condition. The system comprises an entropy module unit, a triple module unit, a hot event propagation display module unit, and a comprehensive association analysis module unit.
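The pipeline the abstract describes, as an added example that is not code from the patent: Shannon entropy of source and destination addresses over a time window (entropy module), merging alarms into (src, dst, event type) triples with counts (triple module), hot events and abnormal addresses derived from those triples, and per-bucket counts for the propagation display. The log format, the entropy-gap threshold and the "abnormal address" rule are assumptions of this example, not the patent's.

```python
import math
from collections import Counter, defaultdict
# Constructed IDS log lines (epoch seconds, source, destination, event type); not patent data.
LOG_LINES = """\
1276664400 10.0.0.1 192.168.1.10 SQL_INJECTION
1276664401 10.0.0.2 192.168.1.10 SQL_INJECTION
1276664402 10.0.0.3 192.168.1.10 SQL_INJECTION
1276664403 10.0.0.4 192.168.1.10 SQL_INJECTION
1276664404 10.0.0.5 192.168.1.10 SQL_INJECTION
1276664405 10.0.0.6 192.168.1.10 SQL_INJECTION
1276664406 10.0.0.7 192.168.1.20 PORT_SCAN
1276664407 10.0.0.7 192.168.1.21 PORT_SCAN""".splitlines()
RECORDS = [(int(t), s, d, e) for t, s, d, e in (ln.split() for ln in LOG_LINES)]

def entropy(values):
    """Entropy module: Shannon entropy (bits) of an address distribution."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def address_entropies(recs, start, end):
    """H(src), H(dst) over the records whose timestamp lies in [start, end)."""
    w = [r for r in recs if start <= r[0] < end]
    return entropy([r[1] for r in w]), entropy([r[2] for r in w])

def large_scale_event(h_src, h_dst, gap=1.5):
    """Assumed rule (our threshold): many sources on few targets => 'converging'; few on many => 'spreading'."""
    if h_src - h_dst >= gap:
        return "converging"
    return "spreading" if h_dst - h_src >= gap else None

def merge_triples(recs):
    """Triple module: collapse alarms into (src, dst, event_type) -> count."""
    return Counter((s, d, e) for _, s, d, e in recs)

def hot_events(triples, top=1):
    """Event types with the largest merged alarm counts."""
    per_type = sum((Counter({e: c}) for (_, _, e), c in triples.items()), Counter())
    return per_type.most_common(top)

def abnormal_addresses(triples, min_peers=3):
    """Assumed rule: an address seen with at least min_peers distinct counterparts is abnormal."""
    peers = defaultdict(set)
    for s, d, _ in triples:
        peers[s].add(d)
        peers[d].add(s)
    return {a for a, p in peers.items() if len(p) >= min_peers}

def propagation(recs, event_type, bucket=2):
    """Hot-event propagation: alarm counts per time bucket, ready for charting."""
    return Counter(t - t % bucket for t, _, _, e in recs if e == event_type)
```

On the constructed window the source entropy is high and the destination entropy low, so the gap rule reports a converging event against 192.168.1.10, which the triple stage also flags as the abnormal address.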

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a massive log association analysis method and system.

Background technique

[0002] The rapid development of the Internet has brought great convenience to the dissemination and utilization of information, but at the same time human society faces a huge information security challenge. To alleviate increasingly serious security problems, intrusion detection equipment (IDS: Intrusion Detection System) has been deployed more and more widely. An IDS is installed in the protected network segment; its monitoring network card works in promiscuous mode, analyzes all data packets in the network segment, and performs real-time detection of and response to network security events. At present, IDS generally adopts misuse detection technology. The detection method is as follows: first, encode the pattern that identifies a specific intrusion behaviour and establish a misuse pa...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26, H04L12/24, H04L29/06
Inventor 周涛吴恩平郝春光力立林宝晶
Owner BEIJING VENUS INFORMATION TECH