Threat detection and alert method and system based on big data analysis

A threat detection technology based on big data, applied in the fields of information security and big data technology, which can solve problems such as timing inversion, low efficiency, and false positives or false negatives in the correlation analysis engine, and achieve the effect of reducing the impact

Inactive Publication Date: 2015-11-25
NANJING LIANCHENG TECH DEV

AI Technical Summary

Problems solved by technology

[0012] However, the intrusion detection system itself also has defects: its false positive rate is high, its efficiency in real-time applications is low, and it is powerless and inefficient against unknown attacks.
In a complex network environment, network transmission delay and front-end processing delay can cause security events to enter the engine out of order, so the "state machine" fails to be triggered and the correlation analysis engine produces false positives or false negatives.
Therefore, the accuracy of the existing rule-based correlation analysis technology is flawed, and it is difficult to meet the large-data-volume correlation analysis requirements of environments such as an information security operation and maintenance management cloud platform.




Embodiment Construction

[0037] Below, the present invention is described in further detail with reference to the accompanying drawings and examples:

[0038] Many methods exist for alarm correlation analysis; however, each of them has significant drawbacks. The method provided by this patent is a real-time algorithm well suited to EWS alarm correlation analysis.

[0039] The alarm correlation analysis framework provided by this patent collects log information from various security devices such as IDS and IPS. Since this log information is generated by different devices, it must be normalized, and the alarms must be sorted in chronological order. The main attack scenario detection algorithm then does its work. Most of the alarms are generated by information security equipment. For convenience of analysis, the alarm sequence is first divided into batches, and each batch is then divided into smaller parts, namely episode windows. Figure 1 gives a schematic diagram of scene extraction using a scene window; it giv...
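The collection, normalization, chronological sorting and windowing steps described in [0039], together with the arrival-order inversion problem noted in [0012], as an added Python example that is not part of the patent or its implementation. The two alert formats (a Snort-style IDS text line and an IPS JSON record), the field names, the sample alerts and the 30-second window size are all assumptions made for the example.

```python
"""Normalize heterogeneous IDS/IPS alerts, order them by event time, and slice
them into batches and episode windows (added example; formats are assumed)."""
import json
import re
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Alert:
    """Common schema every feed is normalized into."""
    ts: datetime
    source: str
    signature: str
    src_ip: str
    dst_ip: str


# Constructed sample input in ARRIVAL order.  The second and third records
# carry event times earlier than the first: this is the timing inversion that
# makes an arrival-order state machine miss its trigger.
ARRIVALS = [
    ("ips", '{"ts": 1433152803, "sig": "SSH brute force", "src": "10.0.0.5", "dst": "10.0.0.9", "action": "block"}'),
    ("ips", '{"ts": 1433152800, "sig": "SSH brute force", "src": "10.0.0.5", "dst": "10.0.0.9", "action": "alert"}'),
    ("ids", "2015-06-01T10:00:02Z [1:2001:3] ET SCAN Nmap probe {TCP} 10.0.0.5:44321 -> 10.0.0.9:22"),
    ("ids", "2015-06-01T10:00:45Z [1:2002:1] ET POLICY SSH session established {TCP} 10.0.0.5:44400 -> 10.0.0.9:22"),
]

# Assumed Snort-style text layout: "<iso-ts> [gid:sid:rev] <msg> {proto} src:port -> dst:port"
IDS_RE = re.compile(
    r"^(?P<ts>\S+) \[[^\]]+\] (?P<sig>.+?) \{\w+\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+$"
)


def parse_ids_line(line):
    m = IDS_RE.match(line)
    if not m:
        raise ValueError("unrecognised IDS line: %r" % line)
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return Alert(ts, "ids", m["sig"], m["src"], m["dst"])


def parse_ips_record(text):
    rec = json.loads(text)
    ts = datetime.fromtimestamp(rec["ts"], tz=timezone.utc)
    return Alert(ts, "ips", rec["sig"], rec["src"], rec["dst"])


PARSERS = {"ids": parse_ids_line, "ips": parse_ips_record}


def parse_all(arrivals):
    """Normalize every record into Alert, keeping the arrival order."""
    return [PARSERS[source](raw) for source, raw in arrivals]


def count_inversions(alerts_in_arrival_order):
    """How many alerts arrived after an alert with a later event time.
    A non-zero count is exactly the condition under which an arrival-order
    rule engine can fire late, fire wrongly, or never fire."""
    latest_seen = None
    inversions = 0
    for a in alerts_in_arrival_order:
        if latest_seen is not None and a.ts < latest_seen:
            inversions += 1
        latest_seen = a.ts if latest_seen is None else max(latest_seen, a.ts)
    return inversions


def normalize(arrivals):
    """Parse both feeds and sort by event time, not arrival time."""
    return sorted(parse_all(arrivals), key=lambda a: a.ts)


def split_batches(alerts, batch_size):
    """Fixed-size batches of the chronologically ordered sequence."""
    return [alerts[i:i + batch_size] for i in range(0, len(alerts), batch_size)]


def episode_windows(batch, window_seconds):
    """Slice one batch into episode windows of fixed duration anchored at the
    first alert.  Fixed-duration windows are an assumption; the patent text
    does not say how window boundaries are chosen."""
    if not batch:
        return []
    start = batch[0].ts
    windows = {}
    for a in batch:
        idx = int((a.ts - start).total_seconds() // window_seconds)
        windows.setdefault(idx, []).append(a)
    return [windows[k] for k in sorted(windows)]


if __name__ == "__main__":
    print("arrival-order inversions:", count_inversions(parse_all(ARRIVALS)))
    ordered = normalize(ARRIVALS)
    for i, window in enumerate(episode_windows(ordered, 30)):
        print("window", i, [(a.ts.strftime("%H:%M:%S"), a.source, a.signature) for a in window])
```

Sorting on the event timestamp carried inside each record, rather than on arrival, is what lets the windowing step see the scan, the brute-force alert and the block in the order they actually happened; the inversion count is a cheap health metric to emit from the aggregation stage so that clock skew or collector lag is noticed before it silently degrades correlation.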



Abstract

The invention discloses a threat detection and alert method and system based on big data analysis. The system comprises an alert aggregation component, a scene extraction component, a learning and detection component, a prediction component and a new attack strategy mining component. The method and system adopt big data technology to predict and alert network attacks on government and enterprise information systems in real time, which on the one hand largely compensates for the shortcomings of existing information security alert analysis technology, and on the other hand allows false alerts generated by information security equipment such as intrusion detection systems to be identified and unknown malicious attacks to be analyzed, so that the accuracy and credibility of the alerts are improved and the security risks of the information systems can be sensed.

Description

Technical field

[0001] The invention relates to the fields of information security technology and big data technology, and in particular to a method and system for threat detection and early warning for an information system.

Background technique

[0002] The English abbreviations used in the present invention are as follows:

[0003] IDS: Intrusion Detection Systems

[0004] CIDS: Cooperative Intrusion Detection Systems

[0005] EWS: Early Warning Systems

[0006] CCM: Causal Correlation Matrix

[0007] DAG: Directed Acyclic Graph

[0008] CE: Critical Episodes

[0009] BE: Benign Episode

[0010] With the continuous advancement of technology and the online operation of various IT services, massive amounts of data have been generated. The main challenge in this regard is to provide network protection services agai...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/1416, H04L63/1425
Inventor: 凌飞, 李木金
Owner: NANJING LIANCHENG TECH DEV