A method and system for correlation analysis of massive logs

A correlation analysis and log technology applied in the field of information security. It addresses problems such as: the network security situation being hard to assess, the security threat status of the system being hard to understand, and security management personnel spending too much effort processing useless information.

Publication date: 2011-12-28 (inactive)
Assignee: BEIJING VENUS INFORMATION TECH (+3)
Cites: 0; Cited by: 1

AI Technical Summary

Problems solved by technology

Because alarms are numerous and many of them are irrelevant, most of the effort of security management personnel is spent processing useless information, and the security threat status of the system is difficult to understand.
[0005] 2. Most existing intrusion detection devices detect on the basis of a single data packet, and this is reflected in how they present results: each alarm from an intrusion detection device is an isolated intrusion event.
As a result, when large-scale abnormal network behavior occurs, it is difficult to obtain the characteristics of that behavior intuitively from the alarm information, and difficult to evaluate the current network security situation as a whole.




Embodiment Construction

[0041] Specific embodiments of the present invention are described in detail below with reference to the accompanying drawings.

[0042] Figure 1 is a schematic structural diagram of a massive log correlation analysis system according to an embodiment of the present invention. The massive log correlation analysis system 100 of this embodiment includes an entropy module unit 101, a triple module unit 102, a hotspot event propagation display module unit 103, and a comprehensive correlation analysis module unit 104.

[0043] The entropy module unit 101 reads the intrusion detection device log within a specified time period, calculates the entropy distribution value of the source addresses and destination addresses in that log, judges whether a large-scale network security event is present, and then outputs to the comprehensive correlation analysis module unit 104 the judgment result of the address distribution status of the c...



Abstract

The invention discloses a massive log correlation analysis method and system that, from the massive logs generated by intrusion detection devices, evaluates the current network security status and describes the current attack situation that deserves the most attention. The method includes: obtaining the intrusion detection device log and judging whether a large-scale network security event is present by calculating the distribution status of the source addresses and destination addresses in that log; merging intrusion detection device logs to detect and report abnormal addresses and hotspot events; computing statistics on, and graphically displaying, the propagation process of hotspot events within a specified time period; and correlating the above outputs to give a comprehensive evaluation of the current network security status. The system includes an entropy module unit, a triple module unit, a hotspot event propagation display module unit, and a comprehensive correlation analysis module unit.
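The entropy judgment of the entropy module unit (paragraph [0043]) and the four steps of the abstract, as an added Python example that is not code from the patent or from its assignee. The log line format, the normalised-entropy thresholds LOW/HIGH, the MIN_ALERTS guard, the 50% address-share rule for abnormal addresses and the sample alert lines are all assumptions made here; the patent does not publish its formulas or thresholds.

```python
"""Added example (not the patent's own code): entropy judgment, alert merging,
propagation statistics and combined evaluation over constructed IDS alert lines.

Assumed here: an alert line is "timestamp src dst signature"; LOW/HIGH,
MIN_ALERTS and the 50% share rule are illustrative values, not the patent's.
"""
import math
from collections import Counter
from datetime import datetime

LOW, HIGH = 0.3, 0.7   # assumed bounds on normalised entropy (0 = one value, 1 = all distinct)
MIN_ALERTS = 4         # assumed: below this an entropy judgment is not meaningful

# Constructed sample alerts: a quiet window at 10:00 and a SYN flood at 10:05-10:06.
SAMPLE_LOG = """\
2011-12-01T10:00:05 10.0.0.1 192.168.1.10 WEB-ATTACK
2011-12-01T10:00:20 10.0.0.2 192.168.1.20 SQL-INJECT
2011-12-01T10:00:40 10.0.0.3 192.168.1.30 WEB-ATTACK
2011-12-01T10:00:55 10.0.0.4 192.168.1.40 FTP-BRUTE
2011-12-01T10:05:00 10.1.0.1 192.168.1.10 SYN-FLOOD
2011-12-01T10:05:10 10.1.0.2 192.168.1.10 SYN-FLOOD
2011-12-01T10:05:20 10.1.0.3 192.168.1.10 SYN-FLOOD
2011-12-01T10:05:30 10.1.0.4 192.168.1.10 SYN-FLOOD
2011-12-01T10:06:00 10.1.0.5 192.168.1.10 SYN-FLOOD
2011-12-01T10:06:10 10.1.0.6 192.168.1.10 SYN-FLOOD
2011-12-01T10:06:20 10.1.0.7 192.168.1.10 SYN-FLOOD
2011-12-01T10:06:30 10.1.0.8 192.168.1.10 SYN-FLOOD
"""


def parse_log(text):
    """Turn alert lines into (timestamp, src, dst, signature) tuples, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        records.append((datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]))
    return records


def select_window(records, start, end):
    """Keep the alerts whose timestamp lies in [start, end): the 'specified time period'."""
    s, e = datetime.fromisoformat(start), datetime.fromisoformat(end)
    return [r for r in records if s <= r[0] < e]


def normalized_entropy(values):
    """Shannon entropy of the value distribution divided by its maximum, log2(n)."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum((c / n) * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)


def assess_window(records):
    """Judge from source/destination address entropy whether a large-scale event is present."""
    if len(records) < MIN_ALERTS:
        return {"src_entropy": None, "dst_entropy": None,
                "verdict": "insufficient: too few alerts for an entropy judgment"}
    h_src = normalized_entropy([r[1] for r in records])
    h_dst = normalized_entropy([r[2] for r in records])
    if h_src > HIGH and h_dst < LOW:
        verdict = "many-to-one: distributed attack on a single target"
    elif h_src < LOW and h_dst > HIGH:
        verdict = "one-to-many: scanning or worm spread from a single source"
    elif h_src < LOW and h_dst < LOW:
        verdict = "one-to-one: concentrated attack between a single pair"
    else:
        verdict = "normal: no large-scale event"
    return {"src_entropy": h_src, "dst_entropy": h_dst, "verdict": verdict}


def merge_alerts(records, share=0.5, top=3):
    """Addresses carrying >= `share` of the window's alerts are abnormal;
    the most frequent signatures are the hotspot events."""
    if not records:
        return {"src": [], "dst": []}, []
    n = len(records)
    srcs, dsts = Counter(r[1] for r in records), Counter(r[2] for r in records)
    abnormal = {"src": [a for a, c in srcs.items() if c / n >= share],
                "dst": [a for a, c in dsts.items() if c / n >= share]}
    return abnormal, Counter(r[3] for r in records).most_common(top)


def propagation(records, signature):
    """Per-minute alert counts of one hotspot signature: how it spreads through the window."""
    buckets = Counter(ts.strftime("%H:%M") for ts, _, _, sig in records if sig == signature)
    return sorted(buckets.items())


def evaluate(records):
    """Correlate the three outputs into one assessment of the window."""
    report = assess_window(records)
    report["abnormal_addresses"], report["hotspot_events"] = merge_alerts(records)
    top = report["hotspot_events"][0][0] if report["hotspot_events"] else None
    report["propagation"] = propagation(records, top) if top else []
    return report


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for start, end in (("2011-12-01T10:00:00", "2011-12-01T10:05:00"),
                       ("2011-12-01T10:05:00", "2011-12-01T10:10:00")):
        print(start, "->", end, evaluate(select_window(recs, start, end)))
```

Normalising by log2(n) makes the verdict independent of window size: a flood of eight distinct sources against one host scores source entropy 1.0 and destination entropy 0.0, while a single source sweeping eight hosts scores the reverse. The MIN_ALERTS guard matters because a window holding one or two alerts always has entropy 0 on both axes and would otherwise be reported as a concentrated attack.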

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a massive log correlation analysis method and system.

Background technique

[0002] The rapid development of the Internet has brought great convenience to the dissemination and use of information, but at the same time human society faces a huge information security challenge. To alleviate increasingly serious security problems, intrusion detection systems (IDS) have been deployed more and more widely. An IDS is installed in the protected network segment; its monitoring network card works in promiscuous mode, analyzes all packets in the segment, and detects and responds to network security events in real time. At present IDS generally adopts misuse detection. The detection method is as follows: first, encode the identifying pattern of a specific intrusion behavior, establish a misuse pa...


Application Information

Patent type & authority: Patents (China)
IPC (8): H04L 12/26, H04L 12/24, H04L 29/06
Inventors: 周涛吴恩平郝春光力立林宝晶
Owner: BEIJING VENUS INFORMATION TECH