A network security log template extraction method and device

A network security log technology, applied in the field of information security, addresses the difficulty analysts face in manually extracting log templates and in coping with changing log formats, and achieves high accuracy, reduced system load and improved computing efficiency.

Active Publication Date: 2019-04-26
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

Although many log formats can be obtained from the relevant technical documents, a log format may change as the system is updated or upgraded.
Moreover, the log formats of many security product manufacturers are not disclosed to the public. For the massive logs of unknown formats in the network, it is difficult for analysts to manually extract all the log templates.




Embodiment Construction

[0032] In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

[0033] The main steps of the network security log template extraction method provided by the present invention are data cleaning, information clustering and template extraction, as shown in figure 1. Data cleaning first filters the fields with specific formats in the log data, including dates, IP addresses and the like; information clustering uses a clustering algorithm to group the cleaned logs with similar formats into one class; template extraction extracts, for each log in a class, the template words that describe the format, and keeps only those template words from the original log to obtain the log format.

[0034] 1. Data cleaning

[0035] The data cleaning in this method is mainly to filter out...


Abstract

The invention relates to a network security log template extraction method and device. The method comprises the following steps: first, the original security logs are subjected to data cleaning, yielding log information with times and IP addresses filtered out; second, the log information that no longer contains times and IP addresses is clustered, so that logs with similar formats are assigned to the same class; third, for the logs in each class, the template words describing the format are extracted, and the template of the log format is obtained. Concretely, a DBSCAN algorithm or an OPTICS algorithm is employed to cluster logs with similar formats, and the template words describing the format are extracted with an LDA Gibbs sampling algorithm. The device comprises a data cleaning unit, an information clustering unit and a template extraction unit. Prior knowledge is not needed, a template of a network security log format can be obtained automatically, the system load can be reduced, and operational efficiency and accuracy are raised.
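The three-step pipeline described in [0033] and in the abstract (cleaning, clustering, template extraction), as an added, self-contained example that is not the patent's code. It assumes two simplifications: the clustering is a minimal DBSCAN written out over a Jaccard distance between the token sets of cleaned logs (eps and min_pts values are assumptions), and the template words are chosen by a plain rule, keeping every token that occurs in all logs of a class, in place of the LDA Gibbs sampling the patent uses. The sample log lines and the `<TIME>`, `<IP>` and `<*>` placeholders are constructed for the example.

```python
"""Toy log template extraction: clean -> cluster -> extract.

Added example; not the patent's implementation. The clustering is a minimal
DBSCAN and the template rule is a simple "token common to the whole class"
test standing in for the LDA Gibbs sampling step of the patent.
"""
import re
from collections import defaultdict

# Constructed sample lines (not real device output): two firewall formats,
# three sshd failures and one unrelated kernel message.
SAMPLE_LOGS = [
    "2019-04-26 10:01:02 fw01 DENY tcp src 10.0.0.5:51234 dst 192.168.1.10:22",
    "2019-04-26 10:01:07 fw01 DENY tcp src 10.0.0.9:40001 dst 192.168.1.20:443",
    "2019-04-26 10:01:09 fw02 DENY udp src 10.0.1.3:5353 dst 192.168.1.10:53",
    "Apr 26 10:02:15 host1 sshd[2211]: Failed password for root from 203.0.113.7 port 4411 ssh2",
    "Apr 26 10:02:18 host1 sshd[2211]: Failed password for admin from 203.0.113.9 port 4412 ssh2",
    "Apr 26 10:02:20 host2 sshd[918]: Failed password for guest from 198.51.100.4 port 5001 ssh2",
    "Apr 26 10:03:00 host2 kernel: eth0 link down",
]

# Step 1, data cleaning: fields with a fixed format (timestamps, IPv4 addresses,
# here with an optional :port suffix folded in) are replaced by placeholders.
TIME_RE = re.compile(
    r"\b(?:\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}|[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})\b"
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b")


def clean(line):
    """Return the line with timestamps and IP addresses replaced by placeholders."""
    return IP_RE.sub("<IP>", TIME_RE.sub("<TIME>", line))


# Step 2, information clustering: Jaccard distance on token sets + DBSCAN.
def jaccard_distance(a, b):
    """1 - |A ∩ B| / |A ∪ B| over the two token lists' sets (0 = identical)."""
    sa, sb = set(a), set(b)
    union = sa | sb
    return 0.0 if not union else 1.0 - len(sa & sb) / len(union)


def dbscan(points, dist, eps, min_pts):
    """Minimal DBSCAN; returns one label per point (cluster id >= 0, -1 = noise)."""
    n = len(points)
    labels = [None] * n
    cluster_id = 0

    def neighbours(i):
        return [j for j in range(n) if dist(points[i], points[j]) <= eps]

    for i in range(n):
        if labels[i] is not None:
            continue
        nbrs = neighbours(i)
        if len(nbrs) < min_pts:          # not a core point: provisionally noise
            labels[i] = -1
            continue
        labels[i] = cluster_id
        queue = [j for j in nbrs if j != i]
        while queue:                      # expand the cluster from core points
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster_id    # border point reached from a core point
            if labels[j] is not None:
                continue
            labels[j] = cluster_id
            j_nbrs = neighbours(j)
            if len(j_nbrs) >= min_pts:
                queue.extend(k for k in j_nbrs if labels[k] is None)
        cluster_id += 1
    return labels


# Step 3, template extraction: keep the tokens shared by every log in the class,
# in the order of the first log, and mark everything else as variable.
def extract_template(token_lists):
    common = set(token_lists[0]).intersection(*map(set, token_lists[1:]))
    return " ".join(tok if tok in common else "<*>" for tok in token_lists[0])


def extract_templates(lines, eps=0.6, min_pts=2):
    """Run the whole pipeline; returns ({cluster_id: template}, [noise lines])."""
    token_lists = [clean(line).split() for line in lines]
    labels = dbscan(token_lists, jaccard_distance, eps, min_pts)
    clusters = defaultdict(list)
    for label, toks in zip(labels, token_lists):
        if label >= 0:
            clusters[label].append(toks)
    templates = {cid: extract_template(members) for cid, members in sorted(clusters.items())}
    noise = [line for label, line in zip(labels, lines) if label == -1]
    return templates, noise


if __name__ == "__main__":
    found, unmatched = extract_templates(SAMPLE_LOGS)
    for cid, template in found.items():
        print(f"class {cid}: {template}")
    for line in unmatched:
        print(f"noise: {line}")
```

Cleaning before clustering is what makes two firewall lines with different addresses land in the same class; the single kernel message has no neighbour within `eps` and is reported as noise rather than forced into a template, which is the behaviour a reviewer of unknown-format logs wants to see surfaced.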

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a method and device for extracting a network security log template. The solution does not depend on any prior knowledge and can automatically extract a template describing an unknown network security log format.

Background technique

[0002] Network security logs, including system logs generated by the operating system and alarm logs generated by network security devices, record various security events in the network environment and provide important clues for network abnormal diagnosis and network attack threat discovery. In the network security log analysis system, log format parsing is an essential step. Therefore, extracting network security log templates is of great significance for log analysis. At present, in some relatively mature network security log analysis products, such as OSSIM, Snort, OSSEC, etc., log parsing methods based on regular expressions are usually col...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L29/06
CPC: H04L41/069, H04L63/20
Inventor 亚静柳厅文张浩亮时金桥
Owner INST OF INFORMATION ENG CHINESE ACAD OF SCI