False alarm elimination method based on log playback

A log-playback and false-positive-rate technique, applied in the field of network security, that removes the need for a large number of manual inspections and eliminates false blocking and false positives.

Active Publication Date: 2017-12-08
HANGZHOU ANHENG INFORMATION TECH CO LTD

AI Technical Summary

Problems solved by technology

However, before a security policy is enabled, a large amount of manual checking and monitoring is required to confirm that the policy is actually applicable, so that it does not cause false positives or false blocking that would affect normal business.

Embodiment Construction

[0034] The present invention is described in further detail below with reference to the accompanying drawing and a specific embodiment:

[0035] The false alarm elimination method based on log playback shown in Figure 1 is used to maintain the rule base of the Web application protection system (WAF), and specifically includes the following steps:

[0036] S1) Dynamically generate a test sample library, specifically through the following sub-steps:

[0037] Step A: First obtain the access log of the Web application within a certain time period (the specific time period can be configured), that is, the access log saved on the Web server.

[0038] Step B: From the access log obtained in Step A, extract the Web requests. A Web request is an access request initiated by a client to a Web application.

[0039] Step C: According to the Web request obtained in Step B, obtain the corresponding Web request parameter, that is, the request content, from the access log to form a test ...


Abstract

The invention relates to network security technology and aims to provide a false alarm elimination method based on log playback. The method includes the steps of dynamically generating a test sample library; performing a playback test on the rule base after a security policy update; analyzing the resulting new-rule test results to obtain the false alarm rate of the new rules on the test sample library; and comparing the obtained false alarm rate with a false alarm threshold to automatically configure whether to activate the new rules. The method can intelligently and efficiently judge the applicability of a new security policy, and can eliminate the false alarms and the false blocking caused by activating the new security policy.
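The playback procedure summarised above, and begun in steps A to C of the embodiment, sketched in Python as an added example; it is not code from the patent. The log lines, the two regex rules, the 5% threshold and the assumption that the logged traffic is benign are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines, assumed to be benign production traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Dec/2017:10:00:01 +0800] "GET /search?q=select+a+plan HTTP/1.1" 200 512
198.51.100.8 - - [01/Dec/2017:10:00:02 +0800] "GET /products?id=42&sort=price HTTP/1.1" 200 900
198.51.100.9 - - [01/Dec/2017:10:00:03 +0800] "POST /login HTTP/1.1" 302 0
truncated line with no request field
198.51.100.7 - - [01/Dec/2017:10:00:04 +0800] "GET /docs?topic=student+union+events HTTP/1.1" 200 77
198.51.100.8 - - [01/Dec/2017:10:00:05 +0800] "GET /search?q=wifi+router HTTP/1.1" 200 640
"""

# Hypothetical candidate rules added by a policy update (not from the patent).
NEW_RULES = {
    "sqli_keyword": r"\b(select|union)\b",           # overbroad
    "sqli_union_select": r"\bunion\b.+\bselect\b",   # narrower
}
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')

def build_sample_library(log_text):
    """Steps A-C: pull each request and its parameters out of the access log."""
    samples = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m is None:
            continue  # malformed or truncated entry: not a usable sample
        parts = urlsplit(m["uri"])
        samples.append({"method": m["method"], "path": parts.path,
                        "params": parse_qsl(parts.query, keep_blank_values=True)})
    return samples

def false_alarm_rate(pattern, samples):
    """Replay the library through one rule; every hit on benign traffic is a false alarm."""
    rule = re.compile(pattern, re.IGNORECASE)
    hits = sum(any(rule.search(value) for _, value in s["params"]) for s in samples)
    return hits / len(samples) if samples else 0.0

def decide_activation(rules, samples, threshold=0.05):
    """Enable a rule only when its false alarm rate does not exceed the threshold."""
    report = {}
    for name, pattern in rules.items():
        rate = false_alarm_rate(pattern, samples)
        report[name] = {"rate": rate, "enable": rate <= threshold}
    return report

if __name__ == "__main__":
    for name, result in decide_activation(NEW_RULES, build_sample_library(SAMPLE_LOG)).items():
        print(f"{name}: rate={result['rate']:.0%} enable={result['enable']}")
```

An empty sample library yields a rate of 0.0 and would enable every rule, so a deployment of this sketch should also require a minimum number of replayed samples before trusting the result.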

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to a method for eliminating false alarms based on log playback.

Background technique

[0002] As Web applications have become widespread and abundant, Web servers have gradually become the main attack target because of their powerful computing power, processing performance and high value. Security incidents such as SQL injection, web page tampering and web page trojan implantation occur frequently.

[0003] In reality, using a firewall as the first line of defense of the security system still has problems of one kind or another, which led to the emergence of the Web application protection system (WAF). The Web application protection system is used to solve the Web application security problems that traditional equipment such as firewalls cannot handle.

[0004] Unlike traditional firewalls, a WAF works at the application layer, so it has inherent technical advantages for Web application protection...


Application Information

IPC(8): H04L29/06, H04L12/26
CPC: H04L43/16, H04L43/50, H04L63/1416, H04L63/1425, H04L63/205
Inventor: 郭晓, 范渊, 龙文洁
Owner: HANGZHOU ANHENG INFORMATION TECH CO LTD