A log-based threat intelligence detection method and device
A detection method and intelligence technology, which is applied in the field of log-based threat intelligence detection, can solve the problems of slow network operation speed, small coverage of data security detection, detection method efficiency that cannot meet the requirements, etc., and achieve the effect of improving detection efficiency
Active Publication Date: 2022-05-24
BEIJING QIANXIN TECH
View PDF8 Cites 0 Cited by
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
[0003] The existing technology mainly adopts the conventional detection method for a single type of log, which can cope with a network with a small amount of data, but for a massive data network, the efficiency of the detection method obviously cannot meet the requirements, resulting in a significant reduction in network operation speed. At the same time, the coverage of data security detection is small
[0004] In the process of realizing the embodiment of the present invention, the inventor found that the detection efficiency of the existing method for network security detection of massive data is too low
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View moreImage
Smart Image Click on the blue labels to locate them in the text.
Smart ImageViewing Examples
Examples
Experimental program
Comparison scheme
Effect test
Embodiment Construction
[0048] The specific embodiments of the present invention will be further described below with reference to the accompanying drawings. The following examples are only used to illustrate the technical solutions of the present invention more clearly, and cannot be used to limit the protection scope of the present invention.
[0049] figure 1 A schematic flowchart of a log-based threat intelligence detection method provided in this embodiment is shown, including:
[0050] S101. Obtain log files of different file types, parse the log files, match different threat indicator IOC types, obtain parsed files, and add the parsed files to a detection engine queue.
[0051] The file types of log files may include various file methods, such as file methods, logstash methods, or API methods. Specific file types may include log traffic such as JSON, Syslog, Netflow, DNS, and HTTP, as well as log records of the SEIM system. By obtaining log files of different file types, it is convenient to ...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More PUM
Login to View More Abstract
The embodiment of the present invention discloses a log-based threat intelligence detection method and device. The method includes: obtaining log files of different file types, parsing the log files, matching different threat indicator IOC types, and comparing the different IOC type of analysis file is added to the detection engine queue; the target analysis file is obtained from the detection engine queue, and the corresponding target query method is determined according to the IOC type of the target analysis file; if the target is found according to the target query method If there is threat intelligence in the parsed file, threat warning information will be generated, such as containing a compromised host or malicious files. By parsing log files of different file types, and using the corresponding query method of loss detection to query the target parsing file, it can process large batches of data at the same time, and greatly improve the detection efficiency of network security detection for massive data.
Description
technical field [0001] Embodiments of the present invention relate to the technical field of network security, and in particular, to a log-based threat intelligence detection method and device. Background technique [0002] With the rapid development of computer technology and network applications, the amount of network information data is increasing, and the data security of massive data has become more and more important. Today's data generated by various applications such as social networks, mobile communications, network video and audio, e-commerce, sensor networks, and scientific experiments can often generate massive data of tens of millions, billions, or even billions and tens of billions. The security of the network requires the detection of these massive data to ensure the safe operation of the network. [0003] The prior art mainly adopts a conventional single-type log detection method, which can cope with a network with a small amount of data. However, for a mass...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More Application Information
Patent Timeline
Login to View More Patent Type & Authority Patents(China)
IPC IPC(8): G06F11/32G06F21/55
CPCG06F11/327G06F21/55
Inventor 白敏高浩浩李朋举韩志立汪列军
Owner BEIJING QIANXIN TECH