Distributed security event associated analysis method based on knowledge graph

A security event correlation analysis technology, applied in the field of distributed security event correlation analysis based on a knowledge graph. It addresses problems such as poor collaborative working ability, inflexible relational database storage, and the inability to analyze and reason automatically, and achieves faster retrieval, increased flexibility, and fast analysis.

Active Publication Date: 2018-07-10
NAT UNIV OF DEFENSE TECH +1

AI Technical Summary

Problems solved by technology

[0004] First, traditional situational awareness systems store each dimension independently in a relational database such as MySQL. Real-time correlation analysis then has to join many tables quickly, which severely affects the timeliness and accuracy of correlation analysis in a situational awareness system with high real-time requirements.
Second, other information such as attack rule knowledge is usually unstructured, and conventional relational database storage is not flexible enough for it.
Third, traditional rule-based correlation analysis relies on expert knowledge to construct attack scenarios. For new attacks that are not in the attack template knowledge base, automatic analysis and reasoning are usually not possible.
[0005] Another outstanding problem is that the correlation analysis methods proposed by earlier scholars are usually algorithms designed for a single machine. In the current era of big data, with the rapid development of the Internet and the continuous expansion of network scale, such methods cannot meet the needs of large-scale data analysis well.

Embodiment Construction

[0044] The implementation of the present invention is described in detail below in conjunction with the accompanying drawings and examples, so that the process of applying technical means to solve the technical problems and achieve the technical effects can be fully understood and implemented. It should be noted that, as long as there is no conflict, the embodiments of the present invention and the features in each embodiment can be combined with each other, and the resulting technical solutions are all within the protection scope of the present invention.

[0045] In addition, the steps shown in the flow diagrams of the figures may be performed in a computer system, for example as a set of computer-executable instructions, and, although a logical order is shown in the flow diagrams, in some cases the steps shown or described may be performed in an order different from the one given here.

[0046] As shown in Figures 1 and 2, in order to realize the object of the p...

Abstract

The invention discloses a distributed network security event correlation analysis method based on a knowledge graph. The method comprises the following steps: 1, building a network security knowledge graph comprising five dimensions: the basic dimension, the vulnerability dimension, the threat dimension, the alarm event dimension and the attack rule dimension; 2, designing a security event correlation analysis algorithm based on the knowledge graph built in step 1; and 3, building a real-time big data analysis platform and applying the correlation analysis algorithm designed in step 2 to that platform, thus achieving a distributed correlation analysis system. The method makes full use of current big data processing technologies to handle large data volumes, parallelizes the correlation analysis algorithm, and achieves the design of a distributed correlation analysis algorithm based on the knowledge graph.
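To make steps 1 and 2 concrete, the following added example (not code from the patent) stores the five dimensions as triples in one small graph and correlates alerts by graph traversal instead of table joins. The relation names, host, signature and rule identifiers, and the matching logic are assumptions for illustration; the patent's actual algorithm is not shown on this page.

```python
from collections import defaultdict

# Constructed graph: (subject, relation, object) triples, one relation per
# dimension named in the abstract. All identifiers are hypothetical.
TRIPLES = [
    ("host-web01", "runs", "svc-httpd"),           # basic dimension
    ("svc-httpd", "has_vuln", "VULN-EXAMPLE-1"),   # vulnerability dimension
    ("threat-rce", "exploits", "VULN-EXAMPLE-1"),  # threat dimension
    ("sig-1001", "indicates", "threat-scan"),      # alarm event dimension
    ("sig-2002", "indicates", "threat-rce"),
    ("rule-intrusion", "step1", "threat-scan"),    # attack rule dimension
    ("rule-intrusion", "step2", "threat-rce"),
]
# Constructed alerts: (timestamp, source, target host, signature id).
ALERTS = [
    (1, "203.0.113.7", "host-web01", "sig-1001"),
    (2, "203.0.113.7", "host-db01", "sig-2002"),   # target lacks the vuln
    (3, "203.0.113.7", "host-web01", "sig-2002"),
]

def index(triples):
    fwd = defaultdict(set)
    for s, r, o in triples:
        fwd[(s, r)].add(o)
    return fwd

def host_vulns(fwd, host):
    return {v for svc in fwd[(host, "runs")] for v in fwd[(svc, "has_vuln")]}

def relevant(fwd, threat, host):
    # A threat with no 'exploits' edge (e.g. a scan) is always relevant;
    # otherwise the target must actually carry a vulnerability it exploits.
    needed = fwd[(threat, "exploits")]
    return not needed or bool(needed & host_vulns(fwd, host))

def correlate(triples, alerts):
    fwd = index(triples)
    rules = defaultdict(list)              # rule -> ordered threat steps
    for (s, r), objs in sorted(fwd.items()):
        if r.startswith("step"):           # step1..step9 sort correctly
            rules[s].extend(sorted(objs))
    progress = defaultdict(int)            # (rule, src, dst) -> steps matched
    incidents = []
    for ts, src, dst, sig in sorted(alerts):
        for threat in fwd[(sig, "indicates")]:
            if not relevant(fwd, threat, dst):
                continue                   # alert cannot succeed on this host
            for rule, steps in rules.items():
                key = (rule, src, dst)
                if steps[progress[key]] == threat:
                    progress[key] += 1
                    if progress[key] == len(steps):
                        incidents.append((rule, src, dst, ts))
                        progress[key] = 0
    return incidents
```

The alert against `host-db01` is discarded because the graph holds no matching vulnerability for that host, so only the scan-then-exploit sequence against `host-web01` is reported as an incident.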

Description

Technical field

[0001] The invention belongs to the field of network security situation awareness, and mainly relates to a distributed security event correlation analysis method based on a knowledge graph.

Background technique

[0002] As computer networks are applied more and more widely and grow in scale, multi-level network security threats and security risks are also increasing, and the threats and losses posed by network viruses and DoS/DDoS attacks are increasing. Network attacks are becoming distributed, large-scale, and complex. Relying only on single network security protection technologies such as firewalls, intrusion detection, anti-virus, and access control can no longer meet the needs of network security. In order to deal with increasingly complex and highly hidden network security threats and ensure the safe operation of the system, it is necessary to use related technologies in the field of network security situat...

Application Information

IPC(8): H04L29/06, H04L12/24
CPC: H04L41/0631, H04L41/0677, H04L41/14, H04L63/1433
Inventor 王伟江荣贾焰周斌李爱平杨树强韩伟红李润恒徐镜湖安伦亓玉璐杨行马凯林佳尚怀军
Owner NAT UNIV OF DEFENSE TECH