Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Network security situation awareness analysis method based on log and SNMP information fusion

A network security and situational awareness technology, applied in the field of network security situational awareness analysis based on the fusion of logs and SNMP information, can solve the problems of high false negative rate, SNMP agent unable to provide historical data, unable to provide network layer information, etc.

Active Publication Date: 2014-07-02
HARBIN ENG UNIV
View PDF6 Cites 21 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, there are certain defects in SNMP analysis or log analysis alone.
(1) The SNMP agent cannot provide the management station with historical data of a certain target set, but can only provide the current status of the device or data within a short period of time, which hinders the analysis of the overall operation trend of the network
(2) The detection granularity of SNMP protocol is rough, the data data is simple and cannot provide information above the network layer
[0006] (2) SNMP detection has rough granularity, simple data and cannot provide information above the network layer
However, the establishment of its knowledge base has a strong dependence on expert knowledge, and the false negative rate is high; and the threshold is fixed, and the detection accuracy is reduced

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network security situation awareness analysis method based on log and SNMP information fusion
  • Network security situation awareness analysis method based on log and SNMP information fusion
  • Network security situation awareness analysis method based on log and SNMP information fusion

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0083] Below in conjunction with accompanying drawing and specific implementation method, the present invention is described in more detail:

[0084] The network security situational awareness analysis method based on log and SNMP data fusion includes five stages: data collection, preprocessing, data analysis, data fusion and visualization.

[0085] 1. The data collection stage based on log and SNMP data fusion includes log data collection and SNMP data collection, of which

[0086] (1) Log data collection includes the following three steps:

[0087] ① Obtain log data information from network devices.

[0088] ②Set the log collection format of the log collection agent: log recording time, source host address, destination address, source port number, destination port number, SYN flag, service type.

[0089] ③ Start the collection agent, and store the collected log data into the source log database.

[0090] (2) SNMP data collection includes the following four steps:

[0091...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention belongs to the field of network security situation awareness, and particularly relates to a network security situation awareness analysis method based on log and SNMP information fusion. The method includes the steps of performing data collection based on log and SNMP data fusion, performing preprocessing based on log and SNMP data fusion, performing log data analysis and SNMP data analysis, performing log and SNMP data fusion and performing visualization on log and SNMP data fusion. Compared with a method for analyzing log data or SNMP data sources singly, through combination of the two kinds of data, the overall operation trend of the network situation can be well analyzed, and analysis is more comprehensive and more accurate. According to a system, data with a high important degree is selected to be processed according to user requirements, and the burden of processing a large number of data is relieved. An automatic threshold value correction method is used, therefore, threshold value parameters defined by a user are more accurate, and the accuracy of data fusion is improved.

Description

technical field [0001] The invention belongs to the field of network security situational awareness, and in particular relates to a network security situational awareness analysis method based on log and SNMP information fusion. technical background [0002] With the development of computer and network technology, attack methods are becoming more and more specialized, and network security incidents emerge in endlessly. Passive defense technologies such as a single firewall and intrusion detection system can no longer ensure network security. Therefore, improving the active defense capability of the network is the current network security research. The main direction of the field, and the research in the field of network security situational awareness is particularly prominent. [0003] The data sources of the network security situation awareness system are very rich, among which log and SNMP data occupy an important position. However, there are certain defects in independen...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06
Inventor 王慧强梁晓郭方方吕宏武
Owner HARBIN ENG UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com