Method and system for correlation analysis of security events

A security event correlation analysis technology, applied in the field of network security, that addresses problems such as the correlation analysis engine failing to trigger, event timing inversion, false positives and missed detections; it avoids distortion of the analysis, meets accuracy requirements and improves accuracy.

Active Publication Date: 2014-12-17
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

In a complex network environment, due to the influence of network transmission delay and front-end processing delay, the timing of security events entering the engine may be reversed, causing the "state machine" to fail to trigger, and the correlat




Example Embodiment

[0053] The technical solutions of the present invention will be described in further detail below with reference to the accompanying drawings and embodiments.

[0054] Figure 1 is a schematic flowchart of an embodiment of the security event correlation analysis method of the present invention. In this embodiment, the security event correlation analysis process includes:

[0055] Step 101, receiving the security event records collected by the security operation center;

[0056] Step 102: group the devices corresponding to the security event records, form for each device an event sequence list sorted by the occurrence time of the security events, and point the current analysis pointer at the earliest security event record in each event sequence list that has not yet entered the trigger;

[0057] Step 103, sending the security event record pointed to by the current analysis pointer into the trigger to match the preset rules...


Abstract

The invention relates to a method and a system for correlation analysis of security events. The method comprises the following steps: security event records collected by a security operations center are received; the records are grouped by device, for each device an event sequence list sorted by security event occurrence time is formed, and a current analysis pointer points at the earliest security event record that has not yet entered a trigger; the security event record pointed to by the current analysis pointer is sent to the trigger for state-machine rule matching, and the current analysis pointer advances to the security event record at the next time position; timing by a timer and state transitions are carried out according to the rule-matching condition of the security event records in the trigger, and the devices corresponding to the security event records in the trigger are counted according to the timeout condition of the state machine; and when the count reaches a threshold, the count is sent to a synchronous regulator, so that the synchronous regulator adjusts the step size of the event sequence list according to the count. With the method and the system, the accuracy requirements for correlation analysis of security events in a complex network environment can be met.
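The flow described in the abstract, as an added Python sketch that is not part of the patent: per-device event sequence lists sorted by occurrence time with analysis pointers, a two-state trigger with a per-device timer, a count of timed-out devices, and a synchronous regulator that widens the step size once that count reaches a threshold. The "scan followed by login_fail within 5 time units" rule, the threshold value, the sample records and the policy of widening the step by one are all assumptions made for illustration.

```python
from collections import defaultdict

RECORDS = [  # constructed sample (device, occurrence_time, event_type), scrambled order
    ("fw-1", 10, "scan"), ("fw-2", 11, "scan"), ("fw-1", 14, "login_fail"),
    ("fw-2", 40, "login_fail"), ("fw-3", 30, "login_fail"), ("fw-3", 12, "scan"),
    ("fw-1", 12, "scan"),
]
WINDOW = 5  # assumed rule: "login_fail" must follow "scan" on the same device within 5

def group_and_sort(records):
    """Step 102: one event sequence list per device, sorted by occurrence time."""
    seqs = defaultdict(list)
    for dev, t, kind in records:
        seqs[dev].append((t, kind))
    return {dev: sorted(evs) for dev, evs in seqs.items()}

class Trigger:  # two-state rule machine with a per-device timer (illustrative rule)
    def __init__(self):
        self.armed = {}         # device -> time the "scan" state was entered
        self.timed_out = set()  # devices whose state machine expired
        self.alerts = []
    def feed(self, dev, t, kind):
        start = self.armed.get(dev)
        if start is not None and t - start > WINDOW:  # timer expired: state falls back
            self.timed_out.add(dev)
            del self.armed[dev]
            start = None
        if kind == "scan":
            self.armed[dev] = t                        # enter or refresh armed state
        elif kind == "login_fail" and start is not None:
            self.alerts.append((dev, start, t))        # rule matched
            del self.armed[dev]

def analyze(records, threshold=2, step=1):
    """Pointers advance `step` records per round; the regulator widens `step` at `threshold` (assumed)."""
    seqs = group_and_sort(records)
    pointers = {dev: 0 for dev in seqs}
    trig = Trigger()
    while any(pointers[d] < len(seqs[d]) for d in seqs):
        for dev, evs in seqs.items():
            for _ in range(step):
                i = pointers[dev]
                if i < len(evs):
                    trig.feed(dev, *evs[i])
                    pointers[dev] = i + 1
        if len(trig.timed_out) >= threshold:
            step += 1
            trig.timed_out.clear()
    return trig.alerts, step
```

Because each device's list is sorted before the pointer advances, the late-arriving `("fw-1", 12, "scan")` record is still processed before the `login_fail` at time 14, which is the ordering problem the patent targets.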

Description

Technical field

[0001] The invention relates to network security technology, in particular to a security event correlation analysis method and system.

Background technique

[0002] In today's increasingly severe network security situation, network security management has become an important part of network operations. A Security Operations Center (SOC) is a technical support platform for comprehensive analysis of network and security equipment and systems, and for centralized management and monitoring of security events. The SOC collects security logs generated by devices and systems in the network, analyzes and processes them, and identifies the current security threats and potential security risks of the network, so as to issue early warnings in time and avoid heavy losses on the network. Among the large amount of security event information collected by the SOC from the network, many events do not represent real threats, and some may be early-stage signs of a threat being carried out, ...


Application Information

IPC(8): H04L29/06, H04L12/24
Inventors: 樊宁, 沈军, 金华敏
Owner: CHINA TELECOM CORP LTD