Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Real-time security early warning method based on complex event processing

A complex event processing and security early warning technology, applied in the fields of electrical digital data processing, computer security devices, special data processing applications, etc., can solve the problems of conservative event processing, missed event reporting, single security log of security early warning processing methods, etc., to achieve Real-time analysis and early warning, the effect of improving flexibility

Active Publication Date: 2017-09-08
STATE GRID CORP OF CHINA +3
View PDF3 Cites 91 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The traditional security early warning method defines specified threat analysis early warning rules for a single threat. The rules are fixed, single and separated. With the development of attack methods, the traditional method can no longer meet the joint multi-step threat early warning requirements. Moreover, most of the traditional security early warning methods are based on threshold analysis, which determines the analysis object within a certain fixed range, and the event processing is relatively conservative, and cannot process and warn massive data based on complex events in real time and comprehensively.
[0003] To sum up, for heterogeneous source data in different environments and different vendors, the traditional security warning processing method only targets a single, certain, and serious security log
Moreover, the traditional security early warning processing method does not form a unified set of complex event processing rules to complete data normalization, semantic conversion, rule analysis, and early warning generation, which is not conducive to multi-step security event early warning, which may easily lead to missed events. The ability to expand early warning types and analysis rules is also weak

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Real-time security early warning method based on complex event processing
  • Real-time security early warning method based on complex event processing
  • Real-time security early warning method based on complex event processing

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0051] In order to make the technical means, creative features, goals and effects achieved by the present invention easy to understand, the present invention will be further described below in conjunction with specific embodiments.

[0052] see Figure 1 to Figure 3 , a kind of real-time safety warning method based on complex event processing of the present invention, comprises the following steps:

[0053] (1) The collected data enters the security warning framework in real time for deduplication and denoising, and dynamic data (real-time data) is associated with static data (asset data) for normalization;

[0054] (2) The normalized data is extracted according to the semantic context and mapped into complex event fields to prepare for early warning generation;

[0055] (3) Establish a model in combination with scene rules, analyze data, and generate real-time early warning events.

[0056] On the basis of using CEP, Kafka, Storm, Esper and other open source technology fram...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a real-time security early warning method based on complex event processing. The method specifically comprises the following steps: step (1), using a formalized engine to perform log field segmentation on collected security data, performing normalization on fields according to field requirements, and associating knowledge base information according to the fields that are expected to be outputted; step (2), using a data flow semantic analysis engine to perform data context analysis according to a complex event instance to be modeled as a scene, and analyzing mapping stream data based on a standardized analysis field template; and step (3), using a security analysis model calculation engine, in an analysis rule calculation module, analyzing according to scenes based on a point event, an edge event and an interval event, and generating an early warning event. The real-time security early warning method based on the complex event processing provided by the invention realizes the multi-angle association analysis of original log data through a configurable normalization rule, a semantic recognition rule and a security analysis rule, and discovers unknown threats and carries out early warning timely.

Description

technical field [0001] The invention relates to a real-time security early warning method based on complex event processing, and belongs to the technical field of big data information security monitoring and early warning. Background technique [0002] In the process of enterprise development, the network structure is constantly adjusted and changed, network security issues emerge in an endless stream, coupled with the improvement of security awareness of users in the enterprise, the preventive control decision-making analysis of internal information security in the enterprise has become an important topic. The traditional security early warning method defines specified threat analysis early warning rules for a single threat. The rules are fixed, single and separated. With the development of attack methods, the traditional method can no longer meet the joint multi-step threat early warning requirements. Moreover, most of the traditional security early warning methods are bas...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06F21/57G06F21/55G06F17/30
CPCG06F16/2456G06F16/24568G06F16/90344G06F21/552G06F21/554G06F21/577H04L63/0263H04L63/1416H04L63/1425
Inventor 姜帆于晓文刘莹金倩倩郭靓李炜键贾雪俞皓张路煜屠正伟张丹张骞刘强栾国强林苏蓉傅慧斌杨业平
Owner STATE GRID CORP OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com