Network security correlation analysis method based on complex event processing

A network security correlation analysis method based on complex event processing. It addresses the complexity and low execution efficiency that stand in the way of timely analysis of the network security situation, and enables early warning and protective handling.

Inactive Publication Date: 2015-03-25
706 INST SECOND RES INST OF CHINA AEROSPACE SCI & IND
2 Cites, 8 Cited by

AI Technical Summary

Problems solved by technology

[0007] The complexity leads to low execution efficiency, which is not conducive to timely analysis of the current network security situation


Embodiment Construction

[0024] The preferred embodiments will be described in detail below in conjunction with the flow charts. It should be emphasized that the following descriptions are only illustrative, not intended to limit the scope of the present invention and its application.

[0025] Step 1: Carry out unified format conversion for network security events through the security event model.

[0026] Cybersecurity events come from a variety of sources and in different formats. Before performing correlation analysis, a unified format conversion for various security events can facilitate subsequent calculations.

[0027] The event model used here includes four attributes, namely E_Identifier, E_Attribute, Restraint, Risk, where E_Identifier is a set of related identifiers that are convenient for distinguishing events, and E_Identifier={E_N, E_ID, E_Type}, where E_N represents the event name, E_ID is a unique identification code that distinguishes different events and is universal globally. E_Type...


Abstract

The invention belongs to the field of network security technology and relates in particular to a network security correlation analysis method based on complex event processing, which correlates and analyzes events from different network event sources. The method takes into account both the threat a security event poses to the whole network and the importance of the equipment or software directly attacked. Using a multi-level rule, it performs multi-level analysis of the security events generated by a series of operations on the same object, and accumulates the risk values of all those security events so that the object can be analyzed as a whole. The multi-level correlation matching mode fits the logic that an attacker generally needs multiple steps to carry out an attack, and the cumulative summation of risk across multiple events takes the complex relations between events into account. Potential threats in the network are thereby easier to detect, so that early warning and handling can protect the network.
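As an added illustration (not code from the patent or its owner), the Python example below normalizes two constructed log formats into the four-attribute event model of paragraph [0027] and applies a multi-level rule per attacked object, summing importance-weighted risk as the abstract describes. The inner fields of E_Attribute, Restraint and Risk, the rule levels, the time window, the importance weights and the threshold are all assumptions, because the page elides those definitions.

```python
from collections import defaultdict

def normalize(raw, source):
    """Map a source-specific record onto the page's four-attribute event model."""
    if source == "ids":        # constructed IDS alert layout
        ident = {"E_N": raw["sig"], "E_ID": raw["id"], "E_Type": raw["class"]}
        attr = {"src": raw["src_ip"], "dst": raw["dst_ip"], "ts": raw["time"]}
        risk = float(raw["severity"])
    elif source == "auth":     # constructed authentication log layout
        etype = "auth_success" if raw["result"] == "ok" else "auth_failure"
        ident = {"E_N": "login", "E_ID": raw["uid"], "E_Type": etype}
        attr = {"src": raw["client"], "dst": raw["host"], "ts": raw["ts"]}
        risk = 3.0 if etype == "auth_success" else 2.0
    else:
        raise ValueError(f"unknown source: {source}")
    # Assumption: the inner fields of E_Attribute, Restraint and Risk are illustrative.
    return {"E_Identifier": ident, "E_Attribute": attr, "Restraint": {}, "Risk": risk}

def correlate(events, rule, window, importance, threshold):
    """Step each object's events through the rule levels, summing weighted risk."""
    by_obj = defaultdict(list)
    for e in events:
        by_obj[e["E_Attribute"]["dst"]].append(e)
    report = {}
    for obj, evs in by_obj.items():
        evs.sort(key=lambda e: e["E_Attribute"]["ts"])
        level, total, start = 0, 0.0, None
        for e in evs:
            ts = e["E_Attribute"]["ts"]
            if start is not None and ts - start > window:
                level, total, start = 0, 0.0, None    # chain expired: start over
            if e["E_Identifier"]["E_Type"] == rule[level]:
                start = ts if start is None else start
                level += 1
                total += e["Risk"] * importance.get(obj, 1.0)
                if level == len(rule):
                    break                             # every level matched
        report[obj] = {"levels": level, "risk": total,
                       "alert": level == len(rule) and total >= threshold}
    return report

RULE = ["scan", "auth_failure", "auth_success"]       # assumed three-level rule
SAMPLE = [                                            # constructed events
    normalize({"sig": "portscan", "id": "a1", "class": "scan", "src_ip": "198.51.100.7", "dst_ip": "10.0.0.5", "time": 100, "severity": 1}, "ids"),
    normalize({"uid": "b1", "result": "fail", "client": "198.51.100.7", "host": "10.0.0.5", "ts": 110}, "auth"),
    normalize({"uid": "b2", "result": "fail", "client": "198.51.100.7", "host": "10.0.0.5", "ts": 115}, "auth"),
    normalize({"uid": "b3", "result": "ok", "client": "198.51.100.7", "host": "10.0.0.5", "ts": 130}, "auth"),
    normalize({"uid": "b4", "result": "fail", "client": "203.0.113.9", "host": "10.0.0.9", "ts": 105}, "auth"),
]
```

Calling `correlate(SAMPLE, RULE, 60, {"10.0.0.5": 2.0}, 10.0)` raises an alert only for the host that saw all three rule levels inside the window; an isolated login failure on another host accumulates no risk.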

Description

Technical field

[0001] The invention belongs to the technical field of network security, and in particular relates to a network security correlation analysis method based on complex event processing.

Background technique

[0002] The rapid development of the network has made people's lives easier, but it has also brought many problems. As networks continue to grow in scale, network attacks and sabotage are becoming more and more frequent, and the network security situation is increasingly severe. Although the network is protected by layers of measures from hardware to software, these measures alone generally still cannot accurately and promptly discover the various attacks launched by attackers. Especially in a complex network environment, an attacker who has already obtained some information can easily obtain more important information by forging it or by probing with a small amount of it. Many security events related to this behavior often have int...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 沈德峰王红艳吴朝雄石波郭旭东胡佳谢小明沈艳林郭江胡大正廉海明
Owner: 706 INST SECOND RES INST OF CHINA AEROSPACE SCI & IND