
Security event correlation analysis method and system

A security event correlation analysis technology, applied in the field of network security, that addresses problems such as the correlation analysis engine failing to trigger, event-order inversion, and false positives or missed detections, so as to meet accuracy requirements, avoid distortion, and improve analysis accuracy.

Active Publication Date: 2017-08-08
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

In a complex network environment, because of network transmission delay and front-end processing delay, the order in which security events enter the engine may be reversed, causing the "state machine" to fail to trigger and the correlation analysis engine to produce false positives or false negatives.
Therefore, the analysis accuracy of existing correlation analysis engines is limited, and it is difficult to meet the requirements of correlation analysis in complex network environments.



Embodiment Construction

[0053] The technical solutions of the present invention will be described in further detail below with reference to the accompanying drawings and embodiments.

[0054] As shown in Figure 1, which is a schematic flowchart of an embodiment of the security event correlation analysis method of the present invention, the security event correlation analysis process in this embodiment includes:

[0055] Step 101, receiving the security event records collected by the security operation center;

[0056] Step 102: Group the security event records by the device they correspond to, form for each device an event sequence list sorted by the occurrence time of the security events, and point the current analysis pointer to the security event record with the earliest time in each event sequence list that has not yet entered the trigger;

[0057] Step 103, sending the security event record pointed to by the current analysis pointer into the trigger to match the preset rules...


Abstract

The present invention relates to a security event correlation analysis method and system. The method includes: receiving the security event records collected by the security operation center; grouping the records by device and forming, for each device, an event sequence list sorted by the occurrence time of the security events, with a current analysis pointer pointing to the security event record with the earliest time that has not yet entered the trigger; sending the security event record pointed to by the current analysis pointer into the trigger for state machine rule matching, and moving the current analysis pointer to the security event record next in time order; performing timer timing and state transitions according to the rule matching of the security event records in the trigger, and counting, for the device corresponding to the security event record in the trigger, the timeouts of the state machine; and when the count reaches a threshold, sending it to the synchronous adjuster, so that the synchronous adjuster adjusts the step size of the event sequence list according to the count. The invention can meet the accuracy requirements of security event correlation analysis in a complex network environment.
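The abstract and Steps 101 to 103 above describe a pipeline (per-device event sequence lists sorted by occurrence time, an analysis pointer, a trigger holding a rule state machine with a timer, per-device timeout counting, and a synchronous adjuster). The following is an added example written for this page, not code from the patent or from China Telecom. It assumes one constructed rule ("scan" followed by "login_fail" on the same device within a window), checks the timer in event time on the next record for that device, and interprets the "step size" of the event sequence list as a per-device hold-back margin: the number of sorted records kept behind the newest one before the pointer advances, so that late records can still be sorted in ahead of the pointer. All names (`Event`, `Trigger`, `Engine`, `run`) and the sample stream are this example's own.

```python
"""Toy event-time correlation engine following the method in the abstract.
Added example; the rule, names and the reading of "step size" are assumptions."""
import bisect
from dataclasses import dataclass, field


@dataclass(order=True)
class Event:
    occurred_at: int                      # occurrence time taken from the log record
    device: str = field(compare=False)    # device that produced the record
    kind: str = field(compare=False)      # constructed event type


class Trigger:
    """Per-device rule state machine: 'scan' arms it and starts a timer;
    'login_fail' within `window` seconds raises an alert; otherwise it times out.
    Timer expiry is checked in event time when the next record for the device arrives."""

    def __init__(self, window):
        self.window = window
        self.armed_at = {}    # device -> occurrence time of the arming 'scan'
        self.timeouts = {}    # device -> count of state-machine timeouts
        self.alerts = []      # (device, scan_time, login_fail_time)

    def feed(self, ev):
        armed = self.armed_at.get(ev.device)
        if armed is not None and ev.occurred_at - armed > self.window:
            self.timeouts[ev.device] = self.timeouts.get(ev.device, 0) + 1
            del self.armed_at[ev.device]
            armed = None
        if ev.kind == "scan":
            self.armed_at[ev.device] = ev.occurred_at
        elif ev.kind == "login_fail" and armed is not None:
            self.alerts.append((ev.device, armed, ev.occurred_at))
            del self.armed_at[ev.device]
        return self.timeouts.get(ev.device, 0)   # count for this device (Step 103)


class Engine:
    """Groups records by device, keeps each group sorted by occurrence time (Step 102),
    and advances a per-device analysis pointer into the trigger."""

    def __init__(self, trigger, threshold=2, max_step=4):
        self.trigger = trigger
        self.threshold = threshold
        self.max_step = max_step
        self.sequences = {}     # device -> event sequence list, sorted by occurred_at
        self.pointer = {}       # device -> index of earliest record not yet in the trigger
        self.step = {}          # device -> hold-back margin (assumed meaning of "step size")
        self.out_of_order = 0   # records that arrived after the pointer had passed their slot

    def receive(self, ev):                      # Step 101: one collected record
        seq = self.sequences.setdefault(ev.device, [])
        self.pointer.setdefault(ev.device, 0)
        self.step.setdefault(ev.device, 0)
        i = bisect.bisect_right(seq, ev)
        seq.insert(i, ev)
        if i < self.pointer[ev.device]:
            # Late record: its slot is already behind the pointer, so it reaches the
            # trigger out of order. This is the inversion the patent describes.
            self.pointer[ev.device] += 1
            self.out_of_order += 1
            self._send(ev)
        self._advance(ev.device)

    def _advance(self, device):
        seq = self.sequences[device]
        while len(seq) - self.pointer[device] > self.step[device]:
            self._send(seq[self.pointer[device]])
            self.pointer[device] += 1

    def _send(self, ev):
        if self.trigger.feed(ev) >= self.threshold:
            self._adjust(ev.device)

    def _adjust(self, device):
        # Synchronous adjuster: widen the hold-back margin for this device so later
        # late records are sorted in before the pointer reaches them; reset its count.
        self.step[device] = min(self.step[device] + 1, self.max_step)
        self.trigger.timeouts[device] = 0

    def flush(self):
        # Drain held-back records at end of stream without changing any step size.
        for device, seq in self.sequences.items():
            while self.pointer[device] < len(seq):
                self._send(seq[self.pointer[device]])
                self.pointer[device] += 1


# Constructed stream in ARRIVAL order: (device, occurrence_time, kind). The ids2 pair
# arrives in order; each fw1 pair arrives reversed by transmission delay, with a
# heartbeat afterwards so the timer check runs.
STREAM = [
    ("ids2", 5, "scan"), ("ids2", 7, "login_fail"),
    ("fw1", 3, "login_fail"), ("fw1", 1, "scan"), ("fw1", 20, "heartbeat"),
    ("fw1", 33, "login_fail"), ("fw1", 31, "scan"), ("fw1", 50, "heartbeat"),
    ("fw1", 63, "login_fail"), ("fw1", 61, "scan"), ("fw1", 80, "heartbeat"),
]


def run(stream, threshold=2):
    engine = Engine(Trigger(window=10), threshold=threshold)
    for device, t, kind in stream:
        engine.receive(Event(t, device, kind))
    engine.flush()
    return engine


if __name__ == "__main__":
    e = run(STREAM)
    print("alerts:", e.trigger.alerts, "step:", e.step, "out of order:", e.out_of_order)
```

With the adjuster enabled, the first two reversed fw1 pairs are missed (the "login_fail" reaches the trigger before its "scan"), the two resulting timeouts reach the threshold, the step size for fw1 is raised to 1, and the third reversed pair is then sorted correctly and alerts. Running the same stream with an unreachable threshold shows the third pair being missed as well.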

Description

Technical Field

[0001] The invention relates to network security technology, in particular to a security event correlation analysis method and system.

Background Technique

[0002] In today's increasingly severe network security situation, network security management has become an important part of network operations. A Security Operations Center (SOC) is a technical support platform for the comprehensive analysis of network and security equipment and systems and for the centralized management and monitoring of security events. The SOC collects the security logs generated by devices and systems in the network, analyzes and processes them, and identifies the network's current security threats and potential security risks, so that early warnings can be issued in time to avoid heavy losses on the network. Among the large amount of security event information the SOC collects from the network, much of it carries no real threat, and some of it may be an early sign of a threat being carried out, ...

Claims


Application Information

Patent Timeline
Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L12/24
Inventors: 樊宁, 沈军, 金华敏
Owner: CHINA TELECOM CORP LTD