Log-based threat intelligence detection method and device

A detection method and device, applied in the field of log-based threat intelligence detection, addresses the problems of reduced network operation speed, detection efficiency that cannot meet requirements, and small data-security detection coverage, so as to achieve the effect of improving detection efficiency.

Active Publication Date: 2018-11-06
BEIJING QIANXIN TECH

AI Technical Summary

Problems solved by technology

[0003] The existing technology mainly adopts the conventional detection method for a single type of log, which can cope with a network with a small amount of data, but for a massive data network, the efficiency of the detection method obviously cannot meet the requirements, resulting in a significant reduc

Embodiment Construction

[0048] The specific embodiments of the present invention will be further described below in conjunction with the accompanying drawings. The following examples are only used to illustrate the technical solution of the present invention more clearly, but not to limit the protection scope of the present invention.

[0049] Figure 1 shows a schematic flowchart of the log-based threat intelligence detection method provided in this embodiment, including:

[0050] S101. Obtain log files of different file types, parse the log files, match them against the different threat indicator (IOC) types to obtain parsed files, and add the parsed files to a detection engine queue.

[0051] The log files may be ingested in various ways, such as by file, via logstash, or via an API, and the specific file types can include JSON, Syslog, Netflow, DNS, HTTP and other log traffic, as well as the log records of a SIEM system. By obtaining log files of different file types, it is convenient to agg...


Abstract

Embodiments of the invention disclose a log-based threat intelligence detection method and device. The method comprises the steps of obtaining log files of different file types, analyzing the log files, matching different IOC types, and adding analysis files of the different IOC types to a detection engine queue; obtaining a target analysis file from the detection engine queue, and determining a corresponding target query mode according to the IOC type of the target analysis file; and if it is queried that threat intelligence exists in the target analysis file according to the target query mode, generating threat alert information, which, for example, includes an attacked host or a malicious file. The log files of the different file types are analyzed, and the target analysis file is queried in the corresponding attack detection query mode, so that large-batch data can be processed at the same time, and the network security detection efficiency of massive data is greatly improved.
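As an added illustration, not the patent's own code, the following Python sketch walks through the three steps of the abstract: parse log files of several types (syslog, DNS, JSON) into IOC-typed records, place them in a detection-engine queue, and choose a query mode by IOC type before raising an alert that names the attacked host. The threat-intelligence feed, host names and log lines are constructed placeholders.

```python
import json, re
from collections import deque

# Constructed threat-intelligence feed keyed by IOC type (placeholder values).
THREAT_INTEL = {"ip": {"203.0.113.7"}, "domain": {"evil.example"},
                "md5": {"44d88612fea8a8f36de82e1278abb02f"}}
IOC_PATTERNS = {  # one extractor per IOC type
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "md5": re.compile(r"\b[0-9a-f]{32}\b", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
}
SAMPLE_LOGS = {  # constructed sample input, not real traffic
    "syslog": "web01 sshd: connection from 203.0.113.7 port 4242\n"
              "web01 sshd: connection from 198.51.100.9 port 4243",
    "dns": "dc01 query A cdn.evil.example from 10.0.0.5",
    "json": '{"host":"fs02","event":"upload","md5":"44D88612FEA8A8F36DE82E1278ABB02F"}',
}

def parse_log(file_type, text):
    """S101: parse one log file of a given type into IOC-typed records."""
    for line in text.splitlines():
        if file_type == "json":          # structured: host is a field
            rec = json.loads(line)
            host, body = rec.get("host", "?"), " ".join(map(str, rec.values()))
        else:                            # syslog/dns/http: "host message..."
            host, _, body = line.partition(" ")
        for ioc_type, pattern in IOC_PATTERNS.items():
            for value in pattern.findall(body):
                yield {"ioc_type": ioc_type, "value": value, "host": host}

def query_mode(ioc_type):
    """S102: choose the lookup by IOC type; domains also match any parent."""
    if ioc_type == "domain":
        return lambda v: any(".".join(v.lower().split(".")[i:]) in THREAT_INTEL["domain"]
                             for i in range(v.count(".")))
    if ioc_type == "md5":                # hashes: case-insensitive exact match
        return lambda v: v.lower() in THREAT_INTEL["md5"]
    return lambda v: v in THREAT_INTEL["ip"]

def detect(logs=SAMPLE_LOGS):
    """S103: drain the detection-engine queue, one alert per threat-intel hit."""
    queue = deque()
    for file_type, text in logs.items():
        queue.extend(parse_log(file_type, text))
    alerts = []
    while queue:
        rec = queue.popleft()
        if query_mode(rec["ioc_type"])(rec["value"]):
            alerts.append(rec)           # carries attacked host and matched IOC
    return alerts
```

Running `detect()` on the constructed logs yields three alerts: the IP hit from web01, the parent-domain hit from dc01, and the hash hit from fs02.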

Description

Technical field

[0001] The embodiments of the present invention relate to the technical field of network security, and in particular to a log-based threat intelligence detection method and device.

Background technique

[0002] With the rapid development of computer technology and network applications, the amount of network information data is increasing, and the security of this massive data is becoming more and more important. Applications such as social networks, mobile communications, network video and audio, e-commerce, sensor networks, and scientific experiments often generate tens of millions, billions, or even billions or tens of billions of data records. Network security requires detecting these massive data to ensure the safe operation of the network.

[0003] The existing technology mainly adopts the conventional detection method for a single type of log, which can cope with a network with a small amount of data, but for a mas...


Application Information

IPC(8): G06F11/32, G06F21/55
CPC: G06F11/327, G06F21/55
Inventor 白敏高浩浩李朋举韩志立汪列军
Owner BEIJING QIANXIN TECH