Network attack scene generating method based on multi-source alarm logs

A network attack and log technology, applied in data exchange networks, digital transmission systems, electrical components, etc., can solve problems such as incomplete attack scenarios, and achieve the effect of clarifying the attacker's intentions

Inactive Publication Date: 2015-04-22
THE PLA INFORMATION ENG UNIV

AI Technical Summary

Problems solved by technology

[0007] The purpose of the present invention is to provide a method for generating network attack scenarios base

Embodiment Construction

[0024] The present invention will be described in further detail below in conjunction with the accompanying drawings.

[0025] The basic scheme of the present invention is:

[0026] Step 1), collecting the alarm logs generated by the network security protection equipment;

[0027] Step 2), for the effective alarm logs obtained from a single device, single-source log aggregation and mapping mask the differences in log format between devices, and the attack event information is extracted;

[0028] Step 3), performing fusion analysis on the attack event information extracted from different sources, and generating network attack event information with a set credibility;

[0029] Step 4), through attack event correlation analysis, generate a network attack scene graph, and analyze the entire attack process of an attack behavior.
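The four steps above, sketched as an added example (not code from the patent). The two device formats, the signature mapping, the per-device trust values, the 30-second window, the noisy-OR credibility formula and the "later event touches the earlier target" correlation rule are all assumptions chosen for illustration; single-source aggregation and cross-source fusion share one windowed merge here.

```python
# Constructed sample alerts from two hypothetical devices with different formats.
IDS_LOG = [
    "1000|10.0.0.5|192.168.1.10|portscan",
    "1004|10.0.0.5|192.168.1.10|portscan",
    "1060|10.0.0.5|192.168.1.10|exploit",
    "1200|192.168.1.10|192.168.1.20|exploit",
]
FW_LOG = [
    {"ts": 1002, "from": "10.0.0.5", "to": "192.168.1.10", "sig": "SCAN"},
    {"ts": 1205, "from": "192.168.1.10", "to": "192.168.1.20", "sig": "ATTACK"},
]
FW_SIG = {"SCAN": "portscan", "ATTACK": "exploit"}  # assumed mapping table
TRUST = {"ids": 0.7, "fw": 0.6}                     # assumed per-device reliability
WINDOW = 30                                         # assumed merge window, seconds

def normalize():
    """Step 2 (mapping): put every device format onto (ts, src, dst, type, device)."""
    for line in IDS_LOG:
        ts, src, dst, typ = line.split("|")
        yield int(ts), src, dst, typ, "ids"
    for r in FW_LOG:
        yield r["ts"], r["from"], r["to"], FW_SIG[r["sig"]], "fw"

def fuse(alerts):
    """Steps 2-3: merge alerts sharing (src, dst, type) within WINDOW, then score
    credibility as 1 - prod(1 - trust) over the distinct reporting devices."""
    events, last = [], {}
    for ts, src, dst, typ, dev in sorted(alerts):
        key = (src, dst, typ)
        ev = last.get(key)
        if ev is None or ts - ev["end"] > WINDOW:
            ev = last[key] = {"src": src, "dst": dst, "type": typ,
                              "start": ts, "end": ts, "devices": set()}
            events.append(ev)
        ev["end"] = ts
        ev["devices"].add(dev)
    for ev in events:
        miss = 1.0
        for d in ev["devices"]:
            miss *= 1 - TRUST[d]
        ev["cred"] = round(1 - miss, 2)
    return events

def scene_graph(events, min_cred=0.5):
    """Step 4: edge a->b when b starts later and involves a's target as src or dst."""
    ev = [e for e in events if e["cred"] >= min_cred]
    return [(i, j) for i, a in enumerate(ev) for j, b in enumerate(ev)
            if a["start"] < b["start"] and a["dst"] in (b["src"], b["dst"])]
```

On the constructed logs, `scene_graph(fuse(normalize()))` links the scan to the exploit on the same host and both to the later lateral move; raising `min_cred` to 0.8 keeps only events confirmed by both devices.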

[0030] Specifically, a specific implementation manner is given below.

[0031] For step 1), for a specific network environment, colle...

Abstract

The invention relates to a method for generating network attack scenes from multi-source alarm logs. First, the alarm logs generated by multiple network security protection devices are collected, and preprocessing extracts the effective alarm log data while removing noisy, redundant or invalid logs. For the effective alarm logs obtained from a single device, single-source log aggregation and mapping mask the log format differences between devices, and attack event information is analyzed and extracted. Attack events extracted from different sources are then fused and analyzed to generate network attack events with high credibility. Finally, correlation analysis of the attack events generates a network attack scene graph, from which the whole attack process of an attack operation is analyzed. Because the multi-source logs are fused, the resulting attack event information depicts the attacks on a network more completely and more reliably; because attack scenes are obtained through correlation analysis of the attack events, the attackers' intentions are shown more clearly and the security threat state of the network is reflected more clearly.

Description

Technical field

[0001] The invention relates to a network attack scene generation method based on multi-source alarm logs.

Background technique

[0002] With the development of Internet technology and the continuous improvement of social informatization, the network has gradually become an indispensable part of people's production and life, and network security has received more and more attention. Various security products are used to detect attack threats in the network and maintain the safe operation of the network. However, these security measures generally can only play a specific role within a certain range, and lack effective data fusion and collaborative management mechanisms among each other. Faced with a lot of scattered information, network security managers cannot respond to these network attack threats in a timely manner. For the purpose of grasping the threats of network attacks as a whole and maintaining the safe operation of the network, the network threat ...

Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L63/1416
Inventor: 尹美娟, 刘晓楠, 罗军勇, 骆凯, 刘琰, 胡倩
Owner THE PLA INFORMATION ENG UNIV