Safety monitoring correlation analysis method based on state machine

A security monitoring correlation analysis technique, applied in the field of network security, that addresses the loss of system inspection efficiency that occurs when many attack scenarios must be matched or many security states must be maintained.

Active Publication Date: 2010-07-07
ULTRAPOWER SOFTWARE
Problems solved by technology

[0007] (1) Accurately defined attack scenarios are required.
[0008] (2) When too many attack scenarios are defined, the security events must be matched against every scenario, which significantly reduces the system's inspection efficiency.
[0009] (3) When an attacker conducts a coordinated attack, too many security states must be maintained, which reduces the system's inspection efficiency.

Embodiment Construction

[0038] The state machine-based security monitoring correlation analysis method proposed by the invention is described below with reference to the accompanying drawings and embodiments.

[0039] As shown in figure 1, step S1 determines the security state corresponding to each attack stage of the attack scenario of the target system. An attack scenario is the set of security events generated when interdependent, time-ordered interactive behaviours occur; attack scenarios can be built from rules to identify real attack events and to predict the attacker's next action. The security states usually include collection of target-system information, acquisition of access permissions, backdoor entry, and log cleaning.

[0040] In step S2, the security events related to the attack scenario that each monitoring program detects are classified, and a comparison table of security states against security events is established, that is, a comparison table of each attack s...

Abstract

The invention discloses a security monitoring correlation analysis method based on a state machine, comprising the following steps: determining the security state corresponding to each attack phase of an attack scenario of a target system, where an attack scenario is the set of security events generated when interdependent, time-ordered interactive behaviours occur; categorising the security events that the monitoring programs of the target system detect in relation to the attack scenario and establishing a comparison table of security states and security events; and inspecting and recording the security state of the target system according to the comparison table. While keeping the system running at a sustainable speed, the method can retain the security state of assets for a longer time; it can detect distributed attacks on the system; it can determine the security state of the system without an accurately defined attack scenario; and it can analyse the track of an attack on the system and provide evidence for investigation and forensics.
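As an added illustration, not code from the patent or its assignee, the three steps of the abstract and of the embodiment paragraphs above in Python: a comparison table mapping event categories to the attack-stage states, and a per-asset state machine that is advanced from that table and retains the asset's attack track. The state names, event categories, sensor names and sample alerts are all constructed for the example.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class SecurityState(IntEnum):
    """Attack stages used as states, in the order the patent lists them."""
    NORMAL = 0
    INFO_COLLECTION = 1   # gathering target-system information
    PRIVILEGE_ACCESS = 2  # access permissions obtained
    BACKDOOR_ENTRY = 3    # backdoor planted or used for entry
    LOG_CLEANING = 4      # traces being removed

# Step S2: comparison table mapping event categories (constructed here) to states.
COMPARISON_TABLE = {
    "port_scan": SecurityState.INFO_COLLECTION,
    "privilege_escalation": SecurityState.PRIVILEGE_ACCESS,
    "unknown_listener": SecurityState.BACKDOOR_ENTRY,
    "audit_log_cleared": SecurityState.LOG_CLEANING,
}

@dataclass
class AssetState:
    state: SecurityState = SecurityState.NORMAL
    track: list = field(default_factory=list)  # (time, sensor, event, state after)

def correlate(events, table=COMPARISON_TABLE):
    """Step S3: look each event up in the table and advance that asset's state machine.
    Events are keyed by asset, not sensor, so pieces seen by different monitors merge."""
    assets = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        mapped = table.get(ev["event"])
        if mapped is None:          # not in the table: belongs to no attack stage
            continue
        asset = assets.setdefault(ev["asset"], AssetState())
        if mapped > asset.state:    # state only advances and is retained, so a later
            asset.state = mapped    # lower-stage event never downgrades it
        asset.track.append((ev["time"], ev["sensor"], ev["event"], asset.state))
    return assets

def attack_track(assets, asset):
    """The recorded attack trail of one asset, usable as investigation evidence."""
    return [(t, ev, st.name) for t, _, ev, st in assets.get(asset, AssetState()).track]

SAMPLE_EVENTS = [  # constructed alerts from two monitoring programs, out of time order
    {"time": 1, "asset": "db01", "sensor": "nids", "event": "port_scan"},
    {"time": 4, "asset": "db01", "sensor": "nids", "event": "unknown_listener"},
    {"time": 2, "asset": "db01", "sensor": "hids", "event": "privilege_escalation"},
    {"time": 3, "asset": "web01", "sensor": "nids", "event": "port_scan"},
    {"time": 5, "asset": "db01", "sensor": "hids", "event": "audit_log_cleared"},
    {"time": 6, "asset": "web01", "sensor": "hids", "event": "cron_job_added"},
]
```

Because the state is keyed by asset and only ever advances, the network sensor's scan and listener alerts and the host sensor's escalation and log-clearing alerts merge into one record for db01, which is the distributed-attack case the abstract describes.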

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a state machine-based security monitoring correlation analysis method.

Background

[0002] Traditional attack scenario reconstruction methods for multi-step attacks mainly use temporal correlation.
[0003] The main implementation process of traditional attack scenario reconstruction is as follows:
[0004] (1) Customise the attack scenario, expressing the attack process to be checked as rules.
[0005] (2) Match the detected security events against the rules and raise an alarm when a rule is satisfied.
[0006] The shortcomings of this prior art are:
[0007] (1) Accurately defined attack scenarios are required.
[0008] (2) When too many attack scenarios are defined, every scenario must be matched against the security events, which significantly reduces the system's inspection efficiency. [0...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/26; H04L29/06
Inventors: 王雪飞苏砫郭唤斌张志雄黄理方腾飞依鹏涛
Owner: ULTRAPOWER SOFTWARE