Key IP address safety alarm association analysis method based on fuzzy scene

A security alarm correlation analysis technology, applied in digital transmission systems, electrical components, transmission systems, etc., that addresses the insufficient correlation analysis capability for massive volumes of security alarm events and achieves good detection and analysis capability, good portability and good stability.

Inactive Publication Date: 2016-04-06
中国烟草总公司江苏省公司

AI Technical Summary

Problems solved by technology

[0016] The present invention is to solve the deficiency of correlation analysis technology in the prior art, so that the problem of insufficient correlation


Embodiment Construction

[0041] The present invention will be described in detail below in conjunction with the accompanying drawings.

[0042] As shown in Figures 1 to 4, a key IP address security alarm correlation analysis method based on a fuzzy scene includes the following steps. For large numbers of security alarm events, the present invention proposes a correlation analysis method based on a fuzzy scene: it first uses a statistical method to aggregate alarms, then uses policies to ignore and filter alarms, and finally uses the fuzzy-scene correlation algorithm to calculate the event suspicion degree corresponding to the source IP (destination IP), and uses big data analysis methods to run statistical queries on the alarm logs related to the suspected IP. From the magnitude and ranking of the suspicion degree, managers can gain an intuitive understanding of the current network status. Based on the results of ...


Abstract

The invention discloses a key IP address security alarm correlation analysis method based on a fuzzy scene. The method first uses a statistical method to aggregate alarms, then uses a policy to ignore and filter alarms, and finally uses a correlation analysis algorithm based on the fuzzy scene to calculate the event suspicion degree corresponding to a source IP, and uses a big data analysis method to run statistical queries on the alarm logs related to a suspected IP. The invention introduces the concept of a fuzzy scene and departs from the conventional approach of analysis by constructing an attack scene: in fuzzy-scene correlation analysis, deep mining and correlation analysis are carried out on a large number of related security alarm events with the IP address as the core. The factors of the alarms that may affect the security of the IP are analyzed and combined, and an event suspicion degree calculation formula yields a suspicion degree value reflecting the security condition of the IP.
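The three steps the abstract describes (statistical aggregation, policy filtering, then per-source-IP suspicion scoring and ranking), as an added Python example that is not taken from the patent. The patent's own suspicion formula is not reproduced on this page, so the factors, weights, saturating membership function, policy keys and sample alerts below are all assumptions.

```python
from collections import defaultdict

# Constructed sample alerts: (timestamp_s, src_ip, dst_ip, signature, severity 1-5)
ALERTS = [
    (0, "10.0.0.5", "10.0.1.10", "port-scan", 2), (5, "10.0.0.5", "10.0.1.10", "port-scan", 2),
    (9, "10.0.0.5", "10.0.1.11", "port-scan", 2), (40, "10.0.0.5", "10.0.1.10", "sql-injection", 4),
    (70, "10.0.0.5", "10.0.1.10", "webshell-upload", 5), (12, "10.0.0.9", "10.0.1.10", "icmp-ping", 1),
    (15, "10.0.0.9", "10.0.1.10", "icmp-ping", 1), (20, "10.0.0.7", "10.0.1.12", "ssh-bruteforce", 3),
    (25, "10.0.0.7", "10.0.1.12", "ssh-bruteforce", 3),
]
# Hypothetical ignore policy (key names are assumptions, not the patent's)
POLICY = {"ignore_signatures": {"icmp-ping"}, "ignore_sources": set()}

def aggregate(alerts, window=60):
    # Step 1: collapse repeats of (src, dst, signature) within one time window.
    merged = defaultdict(lambda: {"count": 0, "severity": 0})
    for ts, src, dst, sig, sev in alerts:
        entry = merged[(src, dst, sig, ts // window)]
        entry["count"] += 1
        entry["severity"] = max(entry["severity"], sev)
    return dict(merged)

def policy_filter(merged, policy):
    # Step 2: drop aggregated alerts the policy says to ignore.
    return {k: v for k, v in merged.items()
            if k[2] not in policy["ignore_signatures"]
            and k[0] not in policy["ignore_sources"]}

def ramp(x, full):
    # Fuzzy-style membership in [0, 1] that saturates once x reaches `full`.
    return min(x / full, 1.0)

def suspicion_by_source(merged):
    # Step 3: gather per-IP factors, combine them into one score, rank descending.
    per_ip = defaultdict(lambda: {"sigs": set(), "dsts": set(), "sev": 0, "n": 0})
    for (src, dst, sig, _), v in merged.items():
        f = per_ip[src]
        f["sigs"].add(sig)
        f["dsts"].add(dst)
        f["sev"] = max(f["sev"], v["severity"])
        f["n"] += v["count"]
    # Stand-in weighted sum (assumption): severity, signature variety, fan-out, volume.
    scores = {ip: round(0.4 * ramp(f["sev"], 5) + 0.3 * ramp(len(f["sigs"]), 3)
                        + 0.2 * ramp(len(f["dsts"]), 4) + 0.1 * ramp(f["n"], 10), 3)
              for ip, f in per_ip.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def analyze(alerts=ALERTS, policy=POLICY):
    return suspicion_by_source(policy_filter(aggregate(alerts), policy))
```

On the constructed alerts, the source that escalates from scanning to injection and upload ranks first, and the source whose only alerts match an ignored signature never reaches scoring.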

Description

Technical field

[0001] The invention belongs to the technical field of security alarm correlation analysis methods, and in particular relates to a key IP address security alarm correlation analysis method based on fuzzy scenes.

Background

[0002] In computer and network systems, behaviors such as network connections, sending data packets and browsing webpages occur all the time, and these behaviors can be monitored and recorded by security devices. Some of these behaviors may affect the security of computer and network systems, and we define such behaviors as security events. In a security monitoring system, security events ultimately appear as the alarm information and log information generated by security tools. When security tools detect behaviors of interest, security alarms are generated. In the monitoring system, there are often a large number of repeated alarms and false alarms, resulting in an excessively large amount of sec...


Application Information

IPC(8): H04L12/24
CPC: H04L41/0631, H04L41/0609, H04L41/0618, H04L41/069
Inventor: 曲光学, 胡勇, 李晓蓉, 刘水生, 曹鹏
Owner: 中国烟草总公司江苏省公司