Network safety log template extraction method and device

A network security and log technology, applied in the field of information security, can solve the problems that analysts are difficult to extract log templates, log format changes, etc., achieve high accuracy, reduce system load, and improve computing efficiency

Active Publication Date: 2015-11-11
INST OF INFORMATION ENG CAS
View PDF7 Cites 23 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although many log formats can be obtained through relevant technical documents, the log format may change as the system is updated or upgraded
Moreover, the log formats of many securit

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Network safety log template extraction method and device
  • Network safety log template extraction method and device
  • Network safety log template extraction method and device

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0032] In order to make the above-mentioned objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and drawings.

[0033] The main steps of the network security log template extraction method provided by the present invention include data cleaning, information clustering and template extraction, such as figure 1 Shown. Among them, data cleaning is to first filter the log data with a specific format, including date, IP address, etc.; information clustering is to use the clustering algorithm to divide the logs with similar formats into one category on the data after cleaning. Medium; template extraction is to extract the template words describing the format in the log for the logs in each category, and only retain the template words in the original log to obtain the log format.

[0034] 1. Data cleaning

[0035] The data cleaning in this method is mainly to filter out...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a network safety log template extraction method and device. The method comprises steps: firstly, original safety logs are subjected to data cleaning, and log information after filtering of time and IP addresses is obtained; secondly, the log information which does not containing time and IP addresses are subjected to clustering, and logs with similar formats are classified to the same class; thirdly, for logs in the each class, template words describing formats in the logs are extracted, and the template of the log format is obtained. Concretely, a DBSCAN algorithm or an OPTICS algorithm is employed to cluster logs with similar formats, and template words describing formats in logs are extracted by utilization of an LDA Gibbs sampling algorithm. The device comprises a data cleaning unit, an information clustering unit and a template extraction unit. Priori knowledge is not needed, a template of a network safety log format can be obtained automatically, the system load can be reduced, and operational efficiency and accuracy are raised.

Description

technical field [0001] The invention relates to the field of information security, in particular to a method and device for extracting a network security log template. The solution does not depend on any prior knowledge and can automatically extract a template describing an unknown network security log format. Background technique [0002] Network security logs, including system logs generated by the operating system and alarm logs generated by network security devices, record various security events in the network environment and provide important clues for network abnormal diagnosis and network attack threat discovery. In the network security log analysis system, log format parsing is an essential step. Therefore, extracting network security log templates is of great significance for log analysis. At present, in some relatively mature network security log analysis products, such as OSSIM, Snort, OSSEC, etc., log parsing methods based on regular expressions are usually col...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/24H04L29/06
CPCH04L41/069H04L63/20
Inventor 亚静柳厅文张浩亮时金桥
Owner INST OF INFORMATION ENG CAS
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap