Attack mode detection method based on event slide window

A pattern detection and sliding window technology, applied in the field of attack pattern detection based on event sliding windows, addresses the lack of comprehensive analysis of log data, the inability to carry out collection and analysis tasks well, and the inability to respond to log analysis and security protection in a timely manner, with the effect of improving accuracy and speed.

Active Publication Date: 2017-02-01
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

[0003] However, in current distributed log association analysis and similar analysis systems, security analysis is performed on known, visible, small-scale data blocks, whereas what must be handled is the continuously updated and massive log files of today, especially log streams. In a heterogeneous network environment, these tools and analysis methods are not good enough for collection and analysis tasks, lack a comprehensive analysis of the overall log data, and cannot respond to log analysis and security protection in a timely manner.


Embodiment Construction

[0021] As shown in Figure 1, the attack pattern detection method based on an event sliding window of the present invention comprises:

[0022] S1: Alarm aggregation: Since the detection environment is a distributed cluster and each application corresponds to an alarm source, collection, preprocessing and compression are completed during the aggregation process. The steps are:

[0023] S11: Agents are deployed on the different alarm sources; each agent perceives the information generated by its alarm source and monitors it according to a configured sampling ratio. If a new alarm is detected, it is sent to the transmission queue. The open-source Flume log collection technology is used to configure the collection agent source, the transmission channel and the collection sink.

[0024] S12: The generated alarm information is transformed and converted into an alarm log, which is then transmitted.

[0025] S13: Normalize the data format of the alar...


Abstract

The invention relates to an attack mode detection method based on an event slide window. The method comprises the steps of S1, normalizing, integrating, compressing and preprocessing warning information, and aggregating warnings with similar attributes into super warnings; S2, performing reduction on frequent items, thereby obtaining frequent correlated sequence patterns according to a causal correlation matrix; S3, for each newly found frequent correlated sequence pattern and for warning pairs of the frequent correlated sequence patterns that differ in their attributes, carrying out a weighted average over the participating attributes; and S4, generating an attack pattern graph consistent with the intrusion characteristics. With this method, attack patterns present in warning logs can be mined efficiently and accurately, new intrusion access behaviours can be identified or intercepted rapidly, and the accuracy and speed of mining attack patterns from massive and seemingly meaningless warning logs can be greatly improved.
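The following is an added illustration of steps S1, S2 and S4 in miniature; it is not code from the patent or its authors. It assumes a constructed alarm stream, simplifies "attribute similarity" to identical (src, dst, type) on consecutive alarms, and uses an event-count window (the last N super alarms) rather than a time window; the causal correlation matrix is the count of ordered alarm-type pairs seen inside that window for the same source/destination.

```python
from collections import Counter, deque

# Constructed sample alarm stream (not from the patent): (seq, src, dst, alarm_type)
ALARMS = [
    (1, "10.0.0.5", "10.0.1.2", "PORT_SCAN"),
    (2, "10.0.0.5", "10.0.1.2", "PORT_SCAN"),
    (3, "10.0.0.5", "10.0.1.2", "PORT_SCAN"),
    (4, "10.0.0.5", "10.0.1.2", "BRUTE_FORCE"),
    (5, "10.0.0.9", "10.0.1.7", "PORT_SCAN"),
    (6, "10.0.0.5", "10.0.1.2", "PRIV_ESC"),
    (7, "10.0.0.9", "10.0.1.7", "BRUTE_FORCE"),
    (8, "10.0.0.9", "10.0.1.7", "PRIV_ESC"),
]

def aggregate(alarms):
    """S1 (simplified): fold consecutive alarms with identical (src, dst, type) into one super alarm."""
    supers = []
    for seq, src, dst, typ in alarms:
        if supers and supers[-1]["key"] == (src, dst, typ):
            supers[-1]["count"] += 1
        else:
            supers.append({"key": (src, dst, typ), "seq": seq, "count": 1})
    return supers

def correlation_matrix(supers, window=3):
    """S2: slide an event-count window over the super alarms. Each arriving super alarm is
    paired with the earlier ones still in the window that share (src, dst); the ordered
    (earlier_type, later_type) pair is counted once. The Counter is the causal matrix."""
    matrix = Counter()
    recent = deque(maxlen=window)        # the event sliding window (hypothetical size 3)
    for cur in supers:
        src, dst, typ = cur["key"]
        for prev in recent:
            psrc, pdst, ptyp = prev["key"]
            if (psrc, pdst) == (src, dst):
                matrix[(ptyp, typ)] += 1
        recent.append(cur)               # oldest entry falls out when the window is full
    return matrix

def attack_pattern_graph(matrix, min_support=2):
    """S2/S4: keep ordered pairs with enough support and express them as a directed graph
    from earlier alarm type to later alarm type."""
    graph = {}
    for (a, b), n in matrix.items():
        if n >= min_support:
            graph.setdefault(a, set()).add(b)
    return graph

if __name__ == "__main__":
    print(attack_pattern_graph(correlation_matrix(aggregate(ALARMS))))
```

With the constructed stream both hosts follow PORT_SCAN, BRUTE_FORCE, PRIV_ESC, so every ordered pair reaches support 2 and the graph shows the chain a defender would alert on.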

Description

Technical field

[0001] The invention relates to the application of data mining in fields such as network attack identification, specifically an attack mode detection method based on an event sliding window.

Background technique

[0002] The emergence and popularization of distributed computing provides convenient operations for processing massive data. At the same time, network security is an issue of concern in many fields. The number of resources and threats to key information in the network environment is rising sharply. How to conduct distributed analysis of the relevant data and actively respond to network attacks has become a research hotspot in the field of network security in recent years. Assessing the network security situation by analyzing log files has become more and more widely recognized.

[0003] However, in the current distributed log association analysis and other analysis systems, the security analysis is performed on known and vis...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/55
CPC: G06F21/552, H04L63/1416
Inventors: 陈爱国, 罗光春, 田玲
Owner: UNIV OF ELECTRONICS SCI & TECH OF CHINA