IDS rule optimization system and optimization method

An optimization method and rule technology, applied in the field of network security, addresses the problem of IDS false alarms and the resulting alarm volume, achieving the effect of reducing the false alarm rate, reducing the number of alarms, and optimizing IDS rules.

Active Publication Date: 2017-02-22
SHANGHAI CTRIP COMMERCE CO LTD

Problems solved by technology

[0003] The technical problem to be solved by the present invention is to provide an optimization system and optimization method for IDS rules in order to overcome the defect that there are a large number of false alarms in IDS itself in the prior art, resulting in a large number of alarms


Embodiment Construction

[0034] The present invention is further illustrated below by means of examples, but the present invention is not limited to the scope of the examples.

[0035] As shown in figure 1, the IDS rule optimization system of the present invention includes an alarm log processing module 1, a historical alarm database 2, a query module 3, a rule statistics module 4, a scanning module 5, an extraction module 6, an address statistics module 7, a false alarm rule identification module 8 and a processing module 9.

[0036] The alarm log processing module 1 first collects the IDS alarm log, which includes the IDS rule name, source IP address and destination IP address; generates a unique identification code for the IDS alarm log from the IDS rule name, source IP address and destination IP address; and obtains the date of the IDS alarm log.

[0037] The unique identification code may specifically be an MD5 value.

[0038] The histor...


Abstract

The invention discloses an IDS rule optimization system and optimization method. The optimization system comprises:
  • an alarm log processing module, which collects IDS alarm logs, generates unique identification codes and obtains the date of the current day;
  • a historical alarm database, which stores historical IDS alarm logs;
  • a query module, which queries whether the collected IDS alarm logs are already stored in the historical alarm database and stores them if they are not;
  • a rule statistics module, which performs statistics on the historical alarm database of the past M days and generates M historical alarm lists;
  • a scanning module, which scans each historical alarm list and performs a query;
  • an extraction module, which extracts the historical alarm logs whose statistic frequency is higher than a first threshold and obtains their IDS rule names;
  • an address statistics module, which counts the address quantity according to the flow direction;
  • a false alarm rule identification module, which identifies an IDS rule whose counted address quantity is greater than a second threshold as a false alarm rule;
  • a processing module, which deletes the false alarm rule.
According to the system and the method, the alarm quantity is reduced, so that the alarm accuracy is improved.
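The pipeline the abstract and paragraphs [0035]-[0037] describe, written out as an added Python model; this is not code from the patent or its assignee. It assumes that an alarm's frequency is the number of days in the M-day window on which its deduplicated identification code recurs, and that the flow direction selects which address side (source or destination) is counted against the second threshold.

```python
import hashlib
from collections import defaultdict
from datetime import date, timedelta

def alarm_id(rule, src, dst):
    # Unique identification code: MD5 over rule name, source and destination IP ([0036]-[0037]).
    return hashlib.md5(f"{rule}|{src}|{dst}".encode()).hexdigest()

class RuleOptimizer:
    def __init__(self, days_m, freq_threshold, addr_threshold, direction="dst"):
        self.m, self.t1, self.t2 = days_m, freq_threshold, addr_threshold
        self.direction = direction  # assumed: flow side ("src" or "dst") whose distinct addresses are counted
        self.history = {}           # historical alarm database: id -> record plus the days it was seen
        self.rules = set()          # active IDS rule set that the processing module prunes

    def ingest(self, day, rule, src, dst):
        # Alarm log processing + query module: store a record only for an unseen id, then note the day
        # (assumed: the same alarm recurring on another day is counted once per day).
        aid = alarm_id(rule, src, dst)
        rec = self.history.setdefault(aid, {"rule": rule, "src": src, "dst": dst, "days": set()})
        rec["days"].add(day)
        self.rules.add(rule)

    def false_alarm_rules(self, today):
        window = {today - timedelta(days=i) for i in range(self.m)}  # the past M days
        addrs = defaultdict(set)  # rule name -> distinct addresses on the chosen flow side
        for rec in self.history.values():
            # Rule statistics, scanning and extraction: keep alarms recurring on more than t1 days
            if len(rec["days"] & window) > self.t1:
                addrs[rec["rule"]].add(rec[self.direction])
        # Address statistics and identification: more than t2 distinct addresses = false alarm rule
        return {rule for rule, seen in addrs.items() if len(seen) > self.t2}

    def optimize(self, today):
        noisy = self.false_alarm_rules(today)
        self.rules -= noisy  # processing module: delete the false alarm rules
        return noisy

def demo():
    # Constructed sample alarms, not data from the patent.
    today, opt = date(2017, 2, 22), RuleOptimizer(days_m=7, freq_threshold=3, addr_threshold=5)
    for d in range(7):
        day = today - timedelta(days=d)
        for host in range(8):  # noisy rule: one source hitting eight hosts every day
            opt.ingest(day, "NOISY-HEARTBEAT", "10.0.0.1", f"10.0.1.{host}")
        opt.ingest(day, "NOISY-HEARTBEAT", "10.0.0.1", "10.0.1.0")  # duplicate, deduplicated by id
        opt.ingest(day, "DAILY-LOGIN-FAILURE", "198.51.100.7", "10.0.3.1")  # daily, but one address pair
    for d in range(2):  # rare, targeted alarm: below the frequency threshold
        opt.ingest(today - timedelta(days=d), "SUSPECT-SCAN", "203.0.113.9", "10.0.2.5")
    return opt.optimize(today), opt.rules, len(opt.history)
```

Only the rule that both recurs daily and spreads over many destinations is deleted; the daily single-pair rule and the rare targeted alarm survive both thresholds.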

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an optimization system and an optimization method of IDS rules.

Background technique

[0002] With the development of the Internet, more and more attention has been paid to network security. IDS (Intrusion Detection System) is a system widely used by enterprises to ensure the security of the network system. However, there are a large number of false alarms in the IDS system itself, resulting in a large number of alarms. Security engineers cannot obtain real threats from the massive alarm information, which greatly reduces the availability of the IDS system.

Contents of the invention

[0003] The technical problem to be solved by the present invention is to provide an optimization system and an optimization method for IDS rules in order to overcome the defect that there are a large number of false alarms in the IDS itself in the prior art,...


Application Information

Patent Type & Authority Applications(China)
IPC(8): G06F21/71
CPC: G06F21/71
Inventor 朱志博张昊峥吴善鹏张晓强雷兵
Owner SHANGHAI CTRIP COMMERCE CO LTD