A state machine-based security monitoring correlation analysis method and system

A security monitoring and correlation analysis technology, applied in the field of network security, which addresses the problem of reduced system inspection efficiency.

Active Publication Date: 2011-12-14
ULTRAPOWER SOFTWARE

AI Technical Summary

Problems solved by technology

[0007] (1) Accurately defined attack scenarios are required
[0008] (2) When too many security attack scenarios are defined, it is necessary to match the security events with each attack scenario, resulting in a significant drop in system inspection efficiency
[0009] (3) When the attacker conducts a coordinated attack, it is necessary to maintain too many security states, resulting in a decrease in the inspection efficiency of the system


Embodiment Construction

[0035] The state machine-based security monitoring correlation analysis method proposed by the present invention is described below in conjunction with the accompanying drawings and embodiments.

[0036] As shown in Figure 1, step S1 determines the security state corresponding to each attack stage of the attack scenario of the target system. An attack scenario is the set of security events generated when interdependent, time-ordered behaviors occur; attack scenarios can be constructed through rules to identify real attack events and predict the next action of the attack. The security states usually include collection of target system information, obtaining permissions, backdoor entry, and log cleaning.

[0037] In step S2, the security events related to the attack scenario that are detected by each monitoring program are classified, and a comparison table of security states and security events is established, that is, a comparison table of each attack ...


Abstract

The invention discloses a state machine-based security monitoring correlation analysis method comprising the following steps: determining the security state corresponding to each attack stage of an attack scenario of a target system, the attack scenario being the set of security events generated when interdependent, time-ordered behaviors occur; classifying the security events related to the attack scenario that are detected by the monitoring programs of the target system, and establishing a comparison table between security states and security events; and checking and recording the security state of the target system. The invention can store the security state of assets for a long time while the running speed of the system is preserved; it can detect distributed attacks on the system; it can determine the security state of the system without precisely defined attack scenarios; and it can find the track of an attack on the system, providing a basis for investigation and evidence collection.
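The three steps in the abstract can be sketched as follows. This is an added example, not code from the patent or its owner: the event class names, the per-asset keying, and the rule that the recorded state only advances are assumptions, since the page gives only the four security states. The constructed sample shows two sources acting on one asset and a skipped stage, neither of which prevents the asset's state from being determined.

```python
from enum import IntEnum

class State(IntEnum):
    # Security states listed in paragraph [0036], ordered by attack stage.
    NORMAL = 0
    INFO_COLLECTION = 1
    PERMISSION_OBTAINED = 2
    BACKDOOR = 3
    LOG_CLEANING = 4

# Step S2: comparison table of security events and security states.
# Event class names are assumptions; the page does not list them.
EVENT_TO_STATE = {
    "port_scan": State.INFO_COLLECTION,
    "privilege_escalation": State.PERMISSION_OBTAINED,
    "new_listening_service": State.BACKDOOR,
    "audit_log_truncated": State.LOG_CLEANING,
}

class Correlator:
    # One state machine per asset rather than one matcher per attack scenario.
    def __init__(self):
        self.state = {}   # asset -> highest State reached
        self.track = {}   # asset -> [(ts, source, event_class, State)]

    def ingest(self, ts, source, asset, event_class):
        stage = EVENT_TO_STATE.get(event_class)
        if stage is None:
            return self.state.get(asset, State.NORMAL)  # not an attack-stage event
        self.track.setdefault(asset, []).append((ts, source, event_class, stage))
        # Assumption: the recorded state only advances, so it survives quiet periods.
        self.state[asset] = max(stage, self.state.get(asset, State.NORMAL))
        return self.state[asset]

# Constructed sample events: two sources acting against the same asset.
SAMPLE_EVENTS = [
    (100, "198.51.100.7", "db01", "port_scan"),
    (160, "203.0.113.9", "db01", "privilege_escalation"),
    (170, "198.51.100.7", "web02", "port_scan"),
    (410, "192.0.2.5", "db01", "heartbeat"),
    (900, "198.51.100.7", "db01", "audit_log_truncated"),
]

def replay(events):
    c = Correlator()
    for ev in events:
        c.ingest(*ev)
    return c
```

Each event costs one table lookup and one per-asset update regardless of how many scenarios exist, and `track` holds the ordered history an investigator would review.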

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a state machine-based security monitoring correlation analysis method and system.

Background technique

[0002] The traditional attack scenario reconstruction method for handling multi-step attacks mainly uses timing correlation.

[0003] The main implementation process of traditional attack scenario reconstruction is as follows:

[0004] (1) Customize the attack scenario, and express the attack process that needs to be checked with rules.

[0005] (2) Match the checked security event against the rules, and generate an alarm if a rule is met.

[0006] Shortcomings of prior art one:

[0007] (1) Accurately defined attack scenarios are required.

[0008] (2) When too many security attack scenarios are defined, it is necessary to match each attack scenario to the security event, resulting in a significant decrease in the inspection efficiency of the sy...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/26, H04L29/06
Inventor: 王雪飞苏砫郭唤斌张志雄黄理方腾飞依鹏涛
Owner: ULTRAPOWER SOFTWARE