
Alarm linkage method, device and system, computer equipment and storage medium

A technology for alarm linkage, applied in the field of communication, that addresses the problems of a single security protection strategy, insufficient flexibility and lack of emergency response, and achieves an optimal attack response result.

Status: Inactive. Publication Date: 2019-06-07
上海鹏越惊虹信息技术发展有限公司

AI Technical Summary

Problems solved by technology

[0003] At present, many enterprises have deployed network security management systems, and even situational awareness systems to monitor the security status of network assets, but they are often helpless in the face of tens of thousands of security alarms, and lack effective means of emergency response.
For the processing of such alarms in the prior art, on the one hand, the expert manual emergency response method is generally adopted, which mainly relies on expert experience; on the other hand, through the security protection equipment deployed in the network, such as firewall, intrusion detection and


Examples


Embodiment 1

[0038] As shown in Figure 2, in one embodiment, an alarm linkage method is proposed. This embodiment is described mainly as applied to the alarm linkage device 130 in the system of Figure 1 above, and may specifically include the following steps:

[0039] Step S201, receiving the alarm information sent by the alarm source, and identifying the type of network attack;

[0040] Step S202, obtaining a set of candidate linkage strategies according to the network attack type;

[0041] Step S203, calculating the network risk value of each linkage strategy in the candidate linkage strategy set, and using the linkage strategy corresponding to the minimum network risk value as the target linkage strategy;

[0042] Step S204, executing the corresponding alarm linkage action according to the target linkage strategy.

[0043] In the embodiment of the present invention, the type of network attack refers to the threat to the network system, such as brute forc...

Embodiment 2

[0078] As shown in Figure 5, in one embodiment, an alarm linkage device is provided, which can be integrated into the above-mentioned alarm linkage device 130 and may specifically include:

[0079] The attack type identification module 501 is used to receive the alarm information sent by the alarm source and identify the network attack type;

[0080] A linkage strategy query module 502, configured to obtain a set of candidate linkage strategies according to the type of network attack;

[0081] A linkage strategy decision module 503, configured to calculate the network risk value of each linkage strategy in the candidate linkage strategy set, and use the linkage strategy corresponding to the minimum network risk value as the target linkage strategy;

[0082] A linkage strategy execution module 504, configured to execute corresponding alarm linkage actions according to the target linkage strategy.

[0083] In the embodiment of the present invention, the type of network ...

Embodiment 3

[0111] As shown in Figure 8, in one embodiment, an alarm linkage system 801 is provided. The alarm linkage system 801 provided in the embodiment of the present invention includes:

[0112] An alarm information collection device 802, configured to collect alarm information and send the alarm information to the alarm linkage device;

[0113] The alarm linkage device 803 is configured to receive the alarm information, and execute the alarm linkage method, so as to perform a corresponding alarm linkage action.

[0114] In the alarm linkage system of this embodiment, when an alarm is received, all matching strategies are queried and the optimal strategy is then selected through evaluation and selection steps, so that the overall optimal effect can be achieved; at the same time, by combining the evaluation of the defense strategy with the change in the attack effect after the strategy is implemented, the evaluation of the attack effect provides feedback informat...
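Steps S201 to S204 of Embodiment 1, which modules 501 to 504 of Embodiment 2 mirror, written out as a runnable sketch. This is an added example, not code from the patent: the signature name, the strategy table and the risk formula (residual risk to the asset plus the cost of the action) are assumptions, because the page's description of the risk calculation is truncated.

```python
from dataclasses import dataclass

# Constructed signature -> attack-type map for S201 (not from the patent).
SIGNATURE_TO_TYPE = {"ssh-auth-fail-burst": "brute_force"}

@dataclass(frozen=True)
class Strategy:
    name: str
    action: str        # linkage action handed to the executor in S204
    mitigation: float  # assumed share of attack likelihood removed, 0..1
    disruption: float  # assumed business cost of carrying out the action

# Constructed candidate linkage strategy sets per attack type (S202).
CANDIDATES = {
    "brute_force": [
        Strategy("notify-only", "open_ticket", 0.0, 0.0),
        Strategy("block-source-ip", "firewall_deny_src", 0.9, 0.5),
        Strategy("isolate-host", "switch_port_down", 0.99, 8.0),
    ],
}

def identify_attack_type(alarm):
    """S201: map the alarm's signature to a network attack type."""
    return SIGNATURE_TO_TYPE.get(alarm.get("signature"))

def network_risk(alarm, strategy):
    """Assumed model: residual threat to the asset plus the cost of acting."""
    residual = alarm["asset_value"] * alarm["likelihood"] * (1.0 - strategy.mitigation)
    return residual + strategy.disruption

def select_strategy(alarm):
    """S202 + S203: query candidates, return the minimum-risk one (or None)."""
    candidates = CANDIDATES.get(identify_attack_type(alarm), [])
    if not candidates:
        return None  # unknown attack type: leave the alarm for analyst triage
    return min(candidates, key=lambda s: network_risk(alarm, s))

def handle_alarm(alarm, executor):
    """S204: hand the target strategy's action to the enforcement hook."""
    target = select_strategy(alarm)
    if target is None:
        return None
    executor(target.action, alarm)
    return target.name

if __name__ == "__main__":
    for value in (1, 10, 1000):  # constructed alarms: same type, rising asset value
        alarm = {"signature": "ssh-auth-fail-burst", "asset_value": value, "likelihood": 0.5}
        print(value, handle_alarm(alarm, lambda action, a: None))
```

With these constructed numbers the same attack type yields three different target strategies as the asset value rises, which is the behaviour a fixed alarm-to-action mapping cannot give.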


Abstract

The invention relates to the technical field of communication, in particular to an alarm linkage method, device and system, computer equipment and a storage medium. The method comprises the following steps: receiving alarm information sent by an alarm source, and identifying a network attack type; obtaining a candidate linkage strategy set according to the network attack type; calculating a network risk value for executing each linkage strategy in the candidate linkage strategy set, and taking the linkage strategy with the minimum network risk value as the target linkage strategy; and executing a corresponding alarm linkage action according to the target linkage strategy. According to the alarm linkage method provided by the embodiment of the invention, when an alarm is received, all matched strategies are queried, and then the optimal strategy is selected through the evaluation and selection steps, so that the global optimal effect can be achieved, and a better attack response result can be obtained in a relatively short time.

Description

Technical field

[0001] The present invention relates to the field of communication technology, in particular to an alarm linkage method, device, system, computer equipment and storage medium.

Background art

[0002] As network attack methods become more and more complex, and advanced persistent threat attacks in particular become more and more normalized, enterprises need effective monitoring methods to discover abnormal behaviors in the network, to quickly and accurately detect and monitor large-scale network management problems, and to take emergency measures to avoid further economic losses and block network attacks as soon as possible.

[0003] At present, many enterprises have deployed network security management systems and even situational awareness systems to monitor the security status of network assets, but they are often helpless in the face of tens of thousands of security alarms, and lack effective means of emergency response. For the processing of such alarms in the p...


Application Information

IPC(8): H04L12/24, H04L29/06
Inventor: 李建华, 陈璐艺, 伍军, 李高勇
Owner: 上海鹏越惊虹信息技术发展有限公司