Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for comprehensively analyzing and processing real-time alarms on basis of attack strategy graphs and intrusion detection system thereof

A processing method and comprehensive analysis technology, applied in transmission systems, electrical digital data processing, instruments, etc., can solve problems such as the influence of the accuracy of the correlation results, the inability to correlate the time span, and the large time span, so as to ensure the actual availability and improve the accuracy performance, improve processing efficiency

Inactive Publication Date: 2014-07-09
XIDIAN UNIV
View PDF1 Cites 15 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

While improving the operating efficiency of the system, this method also brings problems, that is, the system cannot correlate alarms whose time span exceeds the range of the sliding time window, and complex multi-step coordinated attacks often have a large time span
Wang et al. proposed a queue graph-based method [Wang et al., Journal of Computer Communications2006]. This method only "explicitly correlates" the latest alarm corresponding to the vulnerability, which has high efficiency, but it also affects the correlation The accuracy of the results has an impact

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for comprehensively analyzing and processing real-time alarms on basis of attack strategy graphs and intrusion detection system thereof
  • Method for comprehensively analyzing and processing real-time alarms on basis of attack strategy graphs and intrusion detection system thereof
  • Method for comprehensively analyzing and processing real-time alarms on basis of attack strategy graphs and intrusion detection system thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] The present invention will be further described in detail below in conjunction with specific embodiments, which are explanations of the present invention rather than limitations.

[0045] The real-time alarm comprehensive analysis and processing method based on the attack strategy diagram of the present invention, such as figure 1 shown, including the following steps.

[0046] Step 1, creation of attack strategy map.

[0047] The attack strategy graph (Attack Strategy Graph, ASG) is a directed acyclic graph, which is used in the present invention to represent the prior knowledge of the attack, that is, the causal relationship between the attacks; in order to construct the ASG, the atomic attack type is first defined to expand And structure the original alarm information, and then construct the attack strategy map.

[0048] Definition 1 Atomic Attack Type (Atomic Attack Type, AAType), AAType is defined as: (AAttack, Require, Provide).

[0049] Among them, AAttack is t...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method for comprehensively analyzing and processing real-time alarms on the basis of attack strategy graphs and an intrusion detection system thereof; splitting of attack scene graphs can be effectively prevented, the complete attack scene graphs can be reconstructed, the subsequent attack can be predicted, attack scenes can be fused with one another, and alarm information capable of being directly utilized can be accurately provided for analysts. The method for comprehensively analyzing and processing the real-time alarm includes steps of (1), constructing the attack strategy graphs; (2), reconstructing attack scene graphs, adding missing alarms or inferences of attack links omitted deliberately by an attacker, utilizing inference results as inference alarms and adding the inference alarms into alarm sets to be associated; (3), predicting subsequent attacks; (4), fusing the attack scene graphs, expressing fused associated records by graphs, and acquiring fresh attack scene graphs. The method and the intrusion detection system have the advantages that splitting of attack scene graphs can be effectively prevented, and analyzing accuracy can be improved. The intrusion detection system is used for analyzing and processing safety events to alarms generated by the system by the analyzing and processing method.

Description

technical field [0001] The invention belongs to the field of alarm analysis and processing in a computer network intrusion detection system, in particular to a real-time alarm comprehensive analysis and processing method based on an attack strategy graph and an intrusion detection system thereof. Background technique [0002] Intrusion Detection System (IDS), as an important network attack prevention tool, has been more and more widely used. Users can detect and analyze security events based on the alarms generated by IDS. However, due to the huge number of alerts generated by traditional IDS, the quality and level of which are low, and the alerts are isolated from each other, it is difficult to be directly and effectively used by security analysts. Therefore, it is very important to correlate alarms to reduce the number of alarms, improve the quality of alarms, and reconstruct the attack scenario. [0003] In recent years, researchers have proposed a variety of different ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/55H04L29/06
CPCG06F21/554H04L63/1441
Inventor 李金库李龙营马建峰孙聪姜奇
Owner XIDIAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com