Association analysis system based on event chains

A correlation analysis and event chain technology, applied to event-chain-based correlation analysis systems, which addresses problems such as the growth in the number of rules and its impact on system performance.

Active Publication Date: 2014-02-12
SHANGHAI BAOSIGHT SOFTWARE CO LTD

AI Technical Summary

Problems solved by technology

To handle events whose timing is out of order, the approach in the literature is to configure two rules with opposite event orderings. However, when complex correlations are performed, the number of rules grows sharply, which seriously affects system performance.

Examples


Embodiment 1

[0113] As shown in Figure 1, this embodiment provides a correlation analysis system based on event chains. The system is divided into an expression execution engine, a correlation analysis engine, an aggregation engine and an alarm engine, and these four engines are combined to execute the rules in the rule base. The rules in the rule base can be configured by users or come from the system's built-in knowledge base.

[0114] The expression execution engine executes the expression part of a rule and, from the event and the expression, judges whether the event meets the expression's condition; the relationships among the events form an event chain. After the event chain is formed, it is sent to the aggregation engine. The aggregation engine aggregates the event chains that can be aggregated according to the aggregation conditions to form the final high...


Abstract

The invention discloses a correlation analysis system based on event chains. The system comprises an expression execution engine, a correlation analysis engine, an aggregation engine and an alarm engine, and the four parts are combined to execute the rules in a rule base. The expression execution engine executes the expression part of each rule and judges, from the event and the expression, whether the event meets the expression; if it does, the event is sent to the correlation analysis engine. According to the correlation conditions, the correlation analysis engine finds the relationships among the events to form event chains, and once formed, the event chains are sent to the aggregation engine. According to the aggregation conditions, the aggregation engine aggregates the event chains that can be aggregated to form the final high-value event chains and sends them to the alarm engine. The alarm engine raises an alarm according to the event chains and executes the related follow-up operations. The system can execute the rules in the rule base and meet requirements in various aspects. The whole system can execute fully concurrently in memory and reach very high performance.
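The four-stage pipeline described in the abstract, as an added Python example (not code from the patent or its owner). The rule format, field names, step names, the 300-second window and the sample events are assumptions; treating a chain's steps as an unordered set is one simple way to tolerate out-of-order arrival with a single rule and is not claimed to be the patent's mechanism.

```python
from collections import defaultdict

# Hypothetical rule: field names, step names and the window are assumptions.
RULE = {
    "expression": lambda e: e["type"] in {"port_scan", "login_fail", "login_ok"},
    "chain_key": ("src_ip", "dst_host"),   # correlation condition
    "steps": {"port_scan", "login_fail", "login_ok"},
    "window": 300,                         # max seconds a chain may span
    "aggregate_by": "dst_host",            # aggregation condition
}

def expression_engine(events, rule):
    """Keep only events that satisfy the rule's expression."""
    return [e for e in events if rule["expression"](e)]

def correlation_engine(events, rule):
    """Group by chain key; a chain is complete once every step was seen, in any arrival order."""
    groups = defaultdict(list)
    for e in events:
        groups[tuple(e[f] for f in rule["chain_key"])].append(e)
    chains = []
    for evs in groups.values():
        evs.sort(key=lambda e: e["ts"])    # order by event time, not arrival
        in_window = evs[-1]["ts"] - evs[0]["ts"] <= rule["window"]
        if in_window and {e["type"] for e in evs} >= rule["steps"]:
            chains.append(evs)
    return chains

def aggregation_engine(chains, rule):
    """Merge chains that share the aggregation field into one record."""
    merged = defaultdict(set)
    for chain in chains:
        merged[chain[0][rule["aggregate_by"]]].add(chain[0]["src_ip"])
    return merged

def alarm_engine(merged):
    return [f"ALERT {t}: complete chain from {', '.join(sorted(s))}"
            for t, s in sorted(merged.items())]

def run(events, rule=RULE):
    return alarm_engine(aggregation_engine(
        correlation_engine(expression_engine(events, rule), rule), rule))

def ev(ts, kind, src, dst="db01"):
    return {"ts": ts, "type": kind, "src_ip": src, "dst_host": dst}
# Constructed sample events, deliberately delivered out of time order.
EVENTS = [ev(130, "login_ok", "198.51.100.7"), ev(100, "port_scan", "198.51.100.7"),
          ev(110, "dns_query", "198.51.100.7"), ev(120, "login_fail", "198.51.100.7"),
          ev(140, "login_fail", "203.0.113.9")]
print(run(EVENTS))
```
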

Description

Technical field

[0001] The present invention relates to the fields of network security and information systems, and in particular to an event-chain-based correlation analysis system.

Background technique

[0002] Correlation analysis means that if there is a certain correlation between two or more events, one of them can be predicted from the others. Its purpose is to mine the hidden relationships in data.

[0003] Most existing correlation analysis technologies and methods require that the events being correlated have a clear sequence before they can be correlated and analyzed; otherwise the rules cannot be matched, resulting in missed events. For example, "A State Machine-Based Security Monitoring Correlation Analysis Method" (application number: 200910243576.X) discusses a state machine-based correlation analysis technology, which can detect the interaction between time-ordered security events, as described in claim 1 of the patent. ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, G06F17/30
Inventor: 王新春, 徐培杰, 李刚, 钱向东
Owner: SHANGHAI BAOSIGHT SOFTWARE CO LTD