Information security event automatic association and rapid response method and system based on big data analysis

An automatic correlation technology for information security events, applied in the fields of information security and big data, which addresses problems such as the difficulty of keeping up with correlation analysis over large data volumes, timing inversion of events, and false positives or omissions by the correlation analysis engine, in order to shorten alarm response time, eliminate false positives, and improve accuracy and confidence.

Active Publication Date: 2016-08-10
NANJING LIANCHENG TECH DEV

AI Technical Summary

Problems solved by technology

In a complex network environment, due to the influence of network transmission delay and front-end processing delay, the timing of security events entering the engine may be reversed, resulting in the failure of the "state machine" to be triggered, and false positives or false negatives in the c




Embodiment Construction

[0044] The present invention is described in further detail below with reference to the accompanying drawings and examples:

[0045] Figure 1 shows the alarm log format of the IDS security equipment produced by a certain company. Line 1 indicates the alarm type, alarm category and alarm priority. Line 2 indicates the time when the intrusion occurred, the IP address and port number of the sender and receiver, as well as the TTL, network protocol, service type and length.

[0046] The log in Figure 1 uses 6 attributes, so that each alarm is represented as a 6-dimensional array ( , , , , , ). The attributes of the 6-dimensional array are alarm occurrence time, source IP, source port, destination IP, destination port and alarm type. These attribute values are either text, IP addresses, times, or numbers. An alarm type is The alarm is actually when The value is An example of an alarm at time.

[0047] Generally, meta-alerts are used to describe related alarms. A meta-ala...
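The 6-attribute alarm representation of paragraph [0046] and the timing-inversion problem described under "Problems solved by technology" (a late-arriving alarm that prevents the correlation state machine from firing) can be shown with a small correlation engine. The Python below is an added example written for this page, not code from the patent or its assignee; the pipe-separated log format, the two-step PORT_SCAN/EXPLOIT_ATTEMPT pattern, the (src_ip, dst_ip) correlation key, the 5-second lateness window and the sample alarms are all constructed assumptions. It contrasts a naive engine that consumes alarms in arrival order with one that buffers them in a min-heap keyed by occurrence time and releases them only after a lateness window has passed.

```python
import heapq
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# The 6-dimensional alarm of paragraph [0046]: occurrence time, source IP,
# source port, destination IP, destination port, alarm type.
Alarm = namedtuple("Alarm", "time src_ip src_port dst_ip dst_port alarm_type")


def parse_alarm(line):
    """Parse one pipe-separated alarm line (constructed format, not the vendor's)."""
    t, sip, sport, dip, dport, atype = line.strip().split("|")
    return Alarm(datetime.fromisoformat(t), sip, int(sport), dip, int(dport), atype)


# Hypothetical two-step attack pattern: a port scan followed by an exploit
# attempt from the same source against the same destination.
PATTERN = ("PORT_SCAN", "EXPLOIT_ATTEMPT")


class SequenceCorrelator:
    """Per-(src_ip, dst_ip) state machine that emits a meta-alert once the
    alarm types in PATTERN have been seen in order."""

    def __init__(self):
        self.state = defaultdict(int)   # key -> index of the next expected type
        self.meta_alerts = []

    def feed(self, alarm):
        key = (alarm.src_ip, alarm.dst_ip)
        idx = self.state[key]
        if alarm.alarm_type != PATTERN[idx]:
            return                      # not the next step; state unchanged
        idx += 1
        if idx == len(PATTERN):
            self.meta_alerts.append({
                "src_ip": alarm.src_ip,
                "dst_ip": alarm.dst_ip,
                "pattern": PATTERN,
                "completed_at": alarm.time,
            })
            idx = 0
        self.state[key] = idx


def correlate_in_arrival_order(lines):
    """Naive engine: feeds alarms in the order they reach the engine."""
    c = SequenceCorrelator()
    for line in lines:
        c.feed(parse_alarm(line))
    return c.meta_alerts


def correlate_with_reorder_buffer(lines, max_lateness=timedelta(seconds=5)):
    """Engine that tolerates transmission delay: alarms wait in a min-heap
    keyed by occurrence time and are released to the state machine only once
    the newest time seen is more than max_lateness ahead of them, so a late
    alarm is still processed in its true position."""
    c = SequenceCorrelator()
    heap, newest, seq = [], None, 0
    for line in lines:
        a = parse_alarm(line)
        heapq.heappush(heap, (a.time, seq, a))   # seq breaks ties so Alarms are never compared
        seq += 1
        newest = a.time if newest is None or a.time > newest else newest
        while heap and heap[0][0] <= newest - max_lateness:
            c.feed(heapq.heappop(heap)[2])
    while heap:                                   # end of stream: flush in time order
        c.feed(heapq.heappop(heap)[2])
    return c.meta_alerts


# Constructed sample: the exploit alarm reaches the engine before the scan
# alarm that actually preceded it, the inversion described under "Problems solved".
SAMPLE_ALARMS = [
    "2016-08-10T10:00:03|10.0.0.5|44321|192.0.2.10|22|EXPLOIT_ATTEMPT",
    "2016-08-10T10:00:01|10.0.0.5|44320|192.0.2.10|22|PORT_SCAN",
    "2016-08-10T10:00:10|10.0.0.7|5555|192.0.2.11|80|PORT_SCAN",
]

if __name__ == "__main__":
    print("arrival order:", correlate_in_arrival_order(SAMPLE_ALARMS))
    print("reorder buffer:", correlate_with_reorder_buffer(SAMPLE_ALARMS))
```

On the sample input the arrival-order engine produces no meta-alert (a false negative, since the scan-then-exploit sequence did occur), while the buffered engine emits one meta-alert for 10.0.0.5 against 192.0.2.10. The lateness window is the trade-off: a larger window absorbs more delay but postpones every alarm by that amount, which is why the patent separates offline correlation over stored data from online correlation of the live stream.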



Abstract

The invention discloses an information security event automatic association and rapid response method and system based on big data analysis. The method and system comprise an offline association module, an online association module, an element alarm comparison module, an element alarm priority module, an element alarm clustering module, an attack mode discovery module and an alarm response system/work order module. Through the method and system, alarms reported by a security device are aggregated into element alarms for correlation analysis using a big data technique, generating multiple element alarms. Element alarm priority analysis is carried out after alarm correlation analysis; alarm priorities corresponding to the element alarms are assigned; the alarm response system informs the relevant personnel and delegates them to check and repair faults according to the alarm priority level; the alarm response time is remarkably shortened; and false positives generated by information security devices such as IDS (Intrusion Detection Systems) are eliminated.

Description

Technical field

[0001] The invention relates to the fields of information security technology and big data technology, in particular to a method and system for event correlation and rapid response of an information system.

Background technique

[0002] The English abbreviations used in the present invention are as follows:
[0003] IDS: Intrusion Detection Systems, intrusion detection system.
[0004] LOF: Local Outlier Factor, local abnormal factor.
[0005] TTL: Time to Live; this field refers to the maximum number of network segments an IP packet is allowed to pass through before it is discarded by a router.
[0006] TOS: Type of Service, business type.
[0007] ACG: Alert Correlation Graph.
[0008] GED: Graph Edit Distance, graph edit distance.
[0009] DMZ: demilitarized zone, isolation area, or demilitarized area.
[0010] App: Application, application.
[0011] Recent research results show that almost all information security devices use log files as evidence of being attacked (V...


Application Information

IPC(8): H04L12/24, H04L29/06
CPC: H04L41/0631, H04L63/1425, H04L63/1433
Inventor: 凌飞, 李木金
Owner: NANJING LIANCHENG TECH DEV