Intelligent association analysis method and intelligent association analysis device for security events

A security event correlation analysis technology, applied in the field of intelligent correlation analysis of security events, can solve problems such as high computing space and time cost, massive volumes of security events, and sophisticated and complex analysis, so as to improve the efficiency of correlation analysis, achieve both accuracy and efficiency, and save computing space.

Active Publication Date: 2016-03-02
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

The "inference engine" correlation analysis engine will not miss any security event or any information carried by security events, and its analysis accuracy is high. However, because the SOC's analysis of network-wide security events involves multiple devices, the "inference engine" correlation analysis engine needs to build a large number of



Embodiment Construction

[0045] The present disclosure will be described below with reference to the accompanying drawings. It is to be noted that the following description is merely explanatory and exemplary in nature, and in no way serves as any limitation of the present disclosure, its application or uses. Relative arrangements of components and steps and numerical expressions and numerical values set forth in the embodiments do not limit the scope of the present disclosure unless otherwise specifically stated. Additionally, techniques, methods and devices known to those skilled in the art may not be discussed in detail but are intended to be part of the description where appropriate.

[0046] Figure 1 is a schematic flowchart of an intelligent correlation analysis method for security events according to an embodiment of the present disclosure.

[0047] As shown in Figure 1, this embodiment may include the following steps:

[0048] S102, performing attribute feature decomposition and ...


Abstract

The invention relates to an intelligent association analysis method and an intelligent association analysis device for security events. The intelligent association analysis method comprises the steps of decomposing the attribute characteristic of a security event which is acquired in real time and standardizing the attribute characteristic values; and traversing an offline generated unified inference structure by means of the standardized attribute characteristic value, thereby determining an attack type. The intelligent association analysis method and the intelligent association analysis device improve association analysis efficiency.

Description

Technical field

[0001] The present disclosure relates to the field of network security, in particular, to a method and device for intelligent correlation analysis of security events.

Background

[0002] In today's increasingly severe network security situation, network security management has become an important part of network operations. The SOC (Security Operations Center) is a technical support platform for comprehensive analysis of network and security equipment and systems, and for centralized management and monitoring of security events. The SOC collects security logs generated by devices and systems in the network, analyzes and processes them, and identifies the network's current security threats and potential security risks, so as to issue early warnings in time and avoid heavy losses on the network. Among the large amount of security event information collected by the SOC from the network, many events do not pose real threats,...


Application Information

IPC(8): H04L29/06, H04L12/24
Inventor: 樊宁, 何明, 沈军, 金华敏
Owner: CHINA TELECOM CORP LTD