
A method and system for identifying hotspot security events

A security-event and hotspot-event technology, applied in the field of information security, that addresses the low accuracy with which key information is reflected and the significant impact of factors left out of the analysis.

Active Publication Date: 2018-03-27
STATE GRID CORP OF CHINA +1

AI Technical Summary

Problems solved by technology

[0007] However, current research on hot event analysis mostly concentrates on the Internet field and considers only the event information itself. In effect it analyzes only hot "topics", and it reflects key network information with low accuracy. In an enterprise network environment, the scale of enterprise assets is relatively stable, and the value of assets, the severity of security incidents, and the network level to which security incidents belong all have a major impact on the analysis of hotspot events; general hotspot analysis does not take these into account.



Examples


Embodiment Construction

[0063] To aid the understanding of those skilled in the art, the present invention is further described below in conjunction with the accompanying drawings, which are not to be construed as limiting the protection scope of the present invention.

[0064] The purpose of the present invention is to propose a method for identifying hotspot security events in a complex network environment, in order to overcome the shortcomings of the prior art. The invention collects the SYSLOG log data of each network device asset in the enterprise network and normalizes it into security event records with a unified format; builds network hotspot centers using network layering and IP segmentation; maps the security event records to the hotspot centers according to IP and asset information; calculates the hotspot index of each hotspot center by jointly considering factors such as the severity of security incidents, their number, and the importance of assets; when the hotspot ...


Abstract

The invention discloses a method and system for identifying hotspot security events, comprising: collecting, in real time through the system log (SYSLOG) protocol, SYSLOG security log data in the different formats produced by various types of network assets, and standardizing the SYSLOG security log data into security event records. According to the IP address and the asset type of the network asset, the security event records are mapped to pre-built network hotspot centers. The hotspot index of the security event records in each network hotspot center is calculated. When the hotspot index exceeds the predetermined threshold, the network hotspot center is determined to be abnormal, the network asset with the greatest influence in that network hotspot center is regarded as a hotspot asset, and the security event records related to the hotspot asset are identified as hotspot events. Through the solution of the invention, hot events can be comprehensively analyzed and key network information can be accurately reflected.
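The pipeline in the abstract, sketched as an added Python example that is not taken from the patent. The page does not give the hotspot index formula, so the weighting (8 minus syslog severity, times asset importance), the asset-type-to-layer table, the /24 segmentation, the threshold and all sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed asset inventory: IP -> (asset type, importance 1-5).
ASSETS = {"10.1.1.5": ("firewall", 5), "10.1.1.6": ("ids", 3),
          "10.2.0.7": ("server", 4)}
LAYER = {"firewall": "boundary", "ids": "boundary", "server": "server"}  # assumed layering
THRESHOLD = 40  # assumed predetermined threshold

# Constructed SYSLOG lines in two device formats, plus one unparsable line.
LOGS = [
    "<129>Mar 27 10:00:01 10.1.1.5 fw: deny tcp 203.0.113.4:4431 -> 10.1.1.5:22",
    "<132>Mar 27 10:00:02 10.1.1.5 fw: deny tcp 203.0.113.4:4432 -> 10.1.1.5:23",
    'devip=10.1.1.6 level=5 msg="signature match"',
    "<134>Mar 27 10:00:05 10.2.0.7 sshd: Accepted publickey for ops",
    "not a syslog record",
]
RFC3164 = re.compile(r"<(\d+)>\w{3} +\d+ [\d:]+ (\S+) (.*)")
KEYVAL = re.compile(r'devip=(\S+) level=([0-7]) msg="(.*)"')

def normalize(line):
    """Unify both formats into one record: asset IP, severity 0-7, message."""
    if m := RFC3164.match(line):
        return {"ip": m[2], "sev": int(m[1]) % 8, "msg": m[3]}  # PRI = facility*8 + severity
    if m := KEYVAL.match(line):
        return {"ip": m[1], "sev": int(m[2]), "msg": m[3]}
    return None

def center_of(ip):
    """Hotspot center = (network layer from asset type, /24 IP segment)."""
    return LAYER[ASSETS[ip][0]], str(ip_network(ip + "/24", strict=False))

def identify(lines):
    scores = defaultdict(lambda: defaultdict(int))  # center -> asset IP -> contribution
    events = defaultdict(list)
    for rec in filter(None, map(normalize, lines)):
        if rec["ip"] not in ASSETS:
            continue  # event from an unknown asset: cannot be mapped
        # Assumed weighting: (8 - syslog severity) x asset importance, summed per event.
        scores[center_of(rec["ip"])][rec["ip"]] += (8 - rec["sev"]) * ASSETS[rec["ip"]][1]
        events[rec["ip"]].append(rec)
    hot = {}
    for center, per_asset in scores.items():
        index = sum(per_asset.values())
        if index > THRESHOLD:  # center is abnormal
            asset = max(per_asset, key=per_asset.get)  # greatest influence
            hot[center] = {"index": index, "hot_asset": asset, "hot_events": events[asset]}
    return hot

if __name__ == "__main__":
    print(identify(LOGS))
```

With the constructed input, the boundary-layer center crosses the threshold because of two high-severity events on the most important asset, while the single low-severity server event stays below it.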

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a method and system for identifying hotspot security events.

Background technique

[0002] With the increasing scale of the enterprise's internal information network, the number of devices of all kinds in the network has increased sharply, and security attacks of all kinds, from outside and inside, have also increased sharply, threatening network information security. In order to keep coping with new security challenges, the enterprise network has deployed anti-virus systems, firewalls, intrusion detection systems, vulnerability scanning systems, UTM, etc. The logs of these devices record information such as the operating status of the devices and the operations performed by various users, which are referred to as security events. In the current network environment, the security event data of various devices is very large, and the growth rate of this information is also getting fa...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L29/06, G06F17/30
Inventor 陈连栋孔明齐东斌黄镜宇史新茹
Owner STATE GRID CORP OF CHINA