
Method for collecting and synchronizing multi-source network security events

A security-event and network-security technology, applied to the collection and synchronization of multi-source network security events. It addresses three problems: events arriving out of order at the central server, the resulting distortion of the event analysis terminal's results, and the failure to account for time asynchrony. The stated effects are improved efficiency and ease of implementation.

Active Publication Date: 2017-05-31
ELECTRIC POWER RES INST OF STATE GRID ZHEJIANG ELECTRIC POWER COMPANY +1

AI Technical Summary

Problems solved by technology

The security event collection methods mentioned in these documents did not take into account the time asynchrony between collection agents, or between collection agents and the central server, so multi-source events appear out of order once the central server has received them. When the Agents' clocks differ widely and the network delay is large, this seriously affects the analysis results of the event analysis terminal.



Examples


Embodiment Construction

[0031] The technical solutions of the present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments. The following examples are implemented on the premise of the technical solutions of the present invention, and detailed implementation methods and processes are given, but the protection scope of the present invention is not limited to the following examples.

[0032] As shown in the method structure diagram of the present invention (Figure 1), the specific implementation steps of this embodiment are as follows:

[0033] 1. Multi-source network security event collection

[0034] The acquisition terminal (Agent) adopts the acquisition agent method and is responsible for collecting network security events from various event sources in real time, including: different types of network security events generated by event sources such as firewalls, intrusion detection systems, network traffic, and vulnerability scanning; events ba...


Abstract

The invention discloses a method for collecting and synchronizing multi-source network security events. In existing collection processes for multi-source network security events, the local times of the devices are not synchronized. The method comprises the following steps: 1) collecting the multi-source network security events: an event collection terminal collects the events generated by network security devices in real time and stores them in an Ehcache cache framework; 2) synchronization check of event source times: each event source is synchronized using the server's time as the reference; 3) a node in the Ehcache cache framework uses the RMI (remote method invocation) mechanism to synchronize events with the other nodes in the Ehcache cache framework; and 4) the server reads event information from the Ehcache cache framework in real time and processes it. According to the disclosed method, the time differences between the devices and the server are obtained accurately and in real time by sending synchronization data packets and calculating the network delay and the local time difference, so the method has the advantages of easy implementation and accurate synchronization.
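The time-difference step in the abstract, as an added example that is not taken from the patent: each Agent's offset from the server is estimated from synchronization probes, and events are then mapped onto the server timeline before ordering. The four-timestamp (NTP-style) formula, the smallest-delay probe selection, the agent names and all sample values are assumptions constructed for illustration; the page does not give the patent's own calculation.

```python
from dataclasses import dataclass

def estimate_offset(t1, t2, t3, t4):
    """Four-timestamp exchange (assumed NTP-style formula), times in ms.
    t1: agent sends probe (agent clock)   t2: server receives (server clock)
    t3: server replies (server clock)     t4: agent receives (agent clock)
    Returns (offset, delay) where offset = server clock - agent clock."""
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing
    offset = ((t2 - t1) + (t3 - t4)) / 2   # exact only if the path is symmetric
    return offset, delay

def best_offset(samples):
    """Keep the probe with the smallest delay: the offset error is bounded
    by +/- delay/2, so low-delay probes are the most trustworthy."""
    return min((estimate_offset(*s) for s in samples), key=lambda od: od[1])

@dataclass
class Event:
    agent: str
    local_ts: int     # stamped by the agent's own, unsynchronized clock
    message: str

def normalize(events, offsets):
    """Map events onto the server timeline and sort them. An event from an
    agent without a measured offset is rejected, not silently trusted."""
    out = []
    for e in events:
        if e.agent not in offsets:
            raise KeyError(f"no clock offset for agent {e.agent!r}")
        out.append((e.local_ts + offsets[e.agent], e.agent, e.message))
    return sorted(out)

# Constructed probes: fw-agent runs 5 s behind the server, ids-agent 2 s ahead.
PROBES = {
    "fw-agent":  [(100000, 105040, 105050, 100090),   # symmetric 40 ms path
                  (110000, 115300, 115310, 110330)],  # congested, asymmetric
    "ids-agent": [(200000, 198030, 198035, 200065)],
}
# Constructed events: by local timestamps the firewall event appears first.
EVENTS = [
    Event("fw-agent", 300000, "deny tcp 10.0.0.5 -> 10.0.0.9:445"),
    Event("ids-agent", 306000, "alert: anomalous SMB session from 10.0.0.5"),
]

def synchronized_timeline():
    offsets = {a: best_offset(p)[0] for a, p in PROBES.items()}
    return normalize(EVENTS, offsets)

if __name__ == "__main__":
    for ts, agent, msg in synchronized_timeline():
        print(f"{ts:>10.0f}  {agent:<10} {msg}")
```

With these values the IDS alert actually precedes the firewall deny by one second on the server timeline, the reverse of what the raw local timestamps suggest.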

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for collecting and synchronizing multi-source network security events.

Background

[0002] With the rapid development of networks, network security faces great challenges. As information technology continues to advance, the means and the timeliness of attacks also continue to improve. A large number of system vulnerabilities have been discovered and exploited, networks have become very vulnerable, and network security defense is even more important.

[0003] In order to cope with the security threats faced by the network, many enterprises have deployed firewalls, behavior management equipment, anti-virus software, intrusion detection systems and other security infrastructure in the process of informatization. These security infrastructures will generate some log data related to security protectio...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L29/08
CPC: H04L63/20, H04L67/1095
Inventor: 李景戴桦韩嘉佳卢新岱孙歆周辉李沁园姚影
Owner: ELECTRIC POWER RES INST OF STATE GRID ZHEJIANG ELECTRIC POWER COMPANY