
Alarm correlation analysis-based unknown attack scene detection method

A correlation-analysis and scene-detection technology, applied to the detection of unknown attack scenes based on correlation analysis. It addresses the large volume and fragmented content of alarm information produced by existing intrusion detection systems and improves the effectiveness of intrusion detection.

Inactive Publication Date: 2019-03-08
ZHEJIANG UNIV

AI Technical Summary

Problems solved by technology

[0007] The invention proposes an unknown attack scene detection method based on alarm correlation analysis. It addresses the large volume and fragmented content of alarm information in existing intrusion detection systems, and, by building a multi-step attack rule library, it can identify unknown variant attack behaviour that the original rule library does not cover, improving the effectiveness of intrusion detection.



Embodiment Construction

[0064] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, and do not limit the protection scope of the present invention.

[0065] As shown in Figure 1, the present invention provides a method for detecting unknown attack scenarios based on alarm correlation analysis, comprising the following steps:

[0066] S1. Preprocess a large number of intrusion alarms from multiple sources to generate an alarm set.

[0067] S11. Identify the alarm data format of the intrusion detection system of each manufacturer.

[0068] S12. Format the IDS alarm data, using regular expressions to extract the eight fields of alarm name, alarm number, alarm level, source IP, destination IP, source port, dest...


Abstract

The invention discloses an alarm correlation analysis-based unknown attack scene detection method, which comprises the following steps: (1) preprocessing massive multi-source intrusion alarms and generating an alarm set; (2) clustering the alarm set generated in step (1) to generate an initial attack sequence set; (3) performing correlation analysis on the initial attack sequence set generated in step (2) to generate a multi-step attack rule set; (4) performing similarity analysis between the multi-step attack rule set generated in step (3) and the existing attack rules, and adding attack rules in real time to generate a new attack rule base in the intrusion detection system; and (5) performing, by the intrusion detection system, intrusion detection according to the new attack rule base. The method can effectively address the large quantity and fragmentary content of alarm information in existing intrusion detection systems, and it realises construction of correlated IDS alarm scenes and automatic rule addition.
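A compact walk-through of the five-step pipeline in the abstract and the field extraction of steps S11/S12, written as an added illustration rather than the patent's own implementation. The vendor log formats, the use of (source IP, destination IP) as the clustering key, the treatment of an ordered alarm-name sequence as a multi-step rule, and the difflib ratio as the similarity measure are all assumptions; the eighth extracted field is assumed to be a timestamp because the page's field list is truncated.

```python
import re
from collections import defaultdict
from difflib import SequenceMatcher
# Constructed sample alarms in two hypothetical vendor formats (not from the patent).
RAW_ALARMS = [
    "2024-01-01T10:00:01 ALERT name=PortScan id=1001 level=2 src=10.0.0.5 dst=10.0.0.9 sport=44123 dport=22",
    "2024-01-01T10:00:05 ALERT name=SSHBruteForce id=1002 level=3 src=10.0.0.5 dst=10.0.0.9 sport=44200 dport=22",
    '10.0.0.5:44300 -> 10.0.0.9:22 [3] (1003) "PrivEsc" @2024-01-01T10:00:09',
    "2024-01-01T11:00:01 ALERT name=PortScan id=1001 level=2 src=10.0.0.7 dst=10.0.0.9 sport=51000 dport=22",
]
# One regex per vendor format (steps S11/S12); each yields the same eight named fields.
# The eighth field (ts) is an assumed timestamp; the page's field list is truncated.
FORMATS = [
    re.compile(r"(?P<ts>\S+) ALERT name=(?P<name>\S+) id=(?P<num>\d+) level=(?P<level>\d+) src=(?P<sip>\S+) dst=(?P<dip>\S+) sport=(?P<sport>\d+) dport=(?P<dport>\d+)"),
    re.compile(r'(?P<sip>[\d.]+):(?P<sport>\d+) -> (?P<dip>[\d.]+):(?P<dport>\d+) \[(?P<level>\d+)\] \((?P<num>\d+)\) "(?P<name>[^"]+)" @(?P<ts>\S+)'),
]

def preprocess(raw):
    """Step 1: normalise multi-source alarms into dicts with eight fields, time-ordered."""
    alarms = []
    for line in raw:
        for fmt in FORMATS:
            m = fmt.match(line)
            if m:
                alarms.append(m.groupdict())
                break  # first matching vendor format wins
    return sorted(alarms, key=lambda a: a["ts"])

def cluster(alarms):
    """Step 2: group alarms by (source IP, destination IP) into ordered attack sequences."""
    seqs = defaultdict(list)
    for a in alarms:
        seqs[(a["sip"], a["dip"])].append(a["name"])
    return list(seqs.values())

def mine_rules(sequences, min_len=2):
    """Step 3: treat each multi-alarm sequence as a candidate multi-step rule (assumed form)."""
    return {tuple(s) for s in sequences if len(s) >= min_len}

def similarity(rule_a, rule_b):
    """Step 4: share of matching alarm steps between two rules (difflib ratio, an assumed measure)."""
    return SequenceMatcher(None, rule_a, rule_b).ratio()

def update_rule_base(rule_base, new_rules, threshold=0.9):
    """Step 5: add candidates that are not near-duplicates of an existing rule; return the new base."""
    base = set(rule_base)
    for r in new_rules:
        if all(similarity(r, old) < threshold for old in base):
            base.add(r)
    return base
```

The single-alarm sequence from 10.0.0.7 never becomes a rule, while the three-step chain from 10.0.0.5 is added because it differs enough from the existing two-step rule.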

Description

Technical field

[0001] The invention relates to the technical field of network security, in particular to an unknown attack scene detection method based on correlation analysis.

Background technique

[0002] With the rapid development of Internet technology, security problems are also emerging one after another. The intrusion detection system is widely used in security protection systems because of its advantages of high efficiency, rapidity and good concealment. Intrusion detection technology (IDS) is a network security technology that actively protects a system from attacks. As a reasonable supplement to the firewall, intrusion detection technology can help the system deal with network attacks, expand the security management capabilities of system administrators (including security audit, monitoring, attack identification and response), and improve the integrity of the network security infrastructure. An intrusion detection system performs real-time detection of network act...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/0263, H04L63/1416
Inventor: 夏莹杰刘雪娇偶婧
Owner: ZHEJIANG UNIV