Network attack event analysis method and device associated with alarm log

A network attack analysis technology, applied in the fields of data exchange networks, electrical components, digital transmission systems, etc., which can address problems such as the leakage of confidential documents inside the company and the leakage of company personnel information.

Active Publication Date: 2019-08-20
STATE GRID ANHUI ELECTRIC POWER +1
Cites: 8 | Cited by: 36

AI Technical Summary

Problems solved by technology

A variety of malicious codes (botnets, Trojan horses, ransomware, etc.) that are more harmful on the Internet are also constantly threatening the information network, and malicious code may be lurking in many hosts and terminal devices. If not resolved in time, these malicious code problems will bring adverse consequences to the company's informatization construction, such as leakage of company personnel information and leakage of company internal confidential documents.

Examples

Embodiment 1

[0089] Figure 1 is the flow block diagram of the network attack event analysis method associated with the alarm log provided by Embodiment 1 of the present invention. As shown in Figure 1, in an embodiment of the present invention, a network attack event analysis method associated with an alarm log includes:

[0090] S1. Obtain the original log file and preprocess it;

[0091] Obtaining the original log files includes:

[0092] 1) Collecting network traffic information in the information network through port mirroring on the core switch and generating a pcap file (PCAP is a packet capture library);

[0093] 2) Collecting syslog logs from systems such as desktop management systems, anti-virus systems, IDS (Intrusion Detection System), WAF (Web Application Firewall), firewalls, attack traceability systems and vulnerability scanning devices;

[0094] Preprocessing of the original files includes:

[0095] Apply the big data platfo...

Embodiment 2

[0130] Figure 2 is a schematic structural diagram of the network attack event analysis device associated with the alarm log provided in Embodiment 2 of the present invention. As shown in Figure 2, an analysis device that adopts the method for analyzing network attack events associated with alarm logs comprises:

[0131] A preprocessing module, used to obtain the original file and preprocess it;

[0132] An attack rule fingerprint library building module, used to judge and analyze anomalies in the preprocessed original file, build the attack rule fingerprint library according to the judgment and analysis results, and then improve and update the attack rule fingerprint library;

[0133] An association module, used to associate the attack rule fingerprint library with the events of the alarm log and to summarize and merge the linked events to form an alarm event library;

[0134] The response and processing module is used to perform event r...

Abstract

The invention relates to a network attack event analysis method associated with an alarm log, which comprises the following steps: S1, acquiring an original log file and preprocessing it; S2, performing anomaly judgment and analysis on the preprocessed original file, establishing an attack rule fingerprint database according to the judgment and analysis result, and gradually perfecting the attack rule fingerprint database; S3, associating the attack rule fingerprint database with the events of the alarm log, summarizing and combining the linked events, and establishing an alarm event library; and S4, carrying out event response and processing according to the alarm event library. The invention also discloses a network attack event analysis device associated with the alarm log. With the method and the device, the attack rule fingerprint database can be established and continuously perfected through methods such as characteristic attribute systematization, probability statistics and dynamic tracking, so that different network attack events can be handled in a timely manner.
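The pipeline the abstract and Embodiment 1 describe (collect syslog from several security sources, normalise it, match it against an attack-rule fingerprint library, merge the linked hits into an alarm event library, and respond from the merged alarm rather than from single lines) is shown below as an added Python example; it is not code from the patent or its applicant. The log lines, hostnames, rule ids, severities, merge window and response thresholds are all constructed for the example, and the frequency count over unmatched events is a simplistic stand-in for the "probability statistics" step the abstract names.

```python
"""Added example (not from the patent): syslog normalisation, fingerprint
matching, alarm merging and response selection. All inputs are constructed."""
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample syslog lines from three hypothetical sources (IDS, WAF, firewall).
SAMPLE_SYSLOG = [
    "2024-05-01T10:00:01Z ids-01 snort: [1:2000001:3] ET SCAN Nmap probe src=10.0.0.5 dst=192.168.1.10",
    "2024-05-01T10:00:03Z waf-01 waf: blocked SQLi attempt src=10.0.0.5 dst=192.168.1.20 uri=/login",
    "2024-05-01T10:00:04Z fw-01 fw: DENY src=10.0.0.5 dst=192.168.1.10 dport=445",
    "2024-05-01T10:00:20Z fw-01 fw: DENY src=10.0.0.5 dst=192.168.1.10 dport=445",
    "2024-05-01T10:02:00Z waf-01 waf: blocked SQLi attempt src=10.0.0.5 dst=192.168.1.20 uri=/search",
    "2024-05-01T10:05:00Z fw-01 fw: ALLOW src=10.0.0.9 dst=192.168.1.30 dport=443",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<source>\w+): (?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass
class Rule:            # one entry of the attack-rule fingerprint library
    rule_id: str
    source: str        # log source the fingerprint applies to
    pattern: re.Pattern
    category: str
    severity: int      # 1 (low) .. 5 (critical)


@dataclass
class Alarm:           # one merged entry of the alarm event library
    src: str
    category: str
    first_seen: datetime
    last_seen: datetime
    severity: int
    count: int = 0
    rule_ids: set = field(default_factory=set)
    sources: set = field(default_factory=set)


# Constructed fingerprint library (S2); a real one is built from anomaly analysis.
FINGERPRINTS = [
    Rule("FP-001", "snort", re.compile(r"\bSCAN\b"), "recon", 2),
    Rule("FP-002", "waf", re.compile(r"\bSQLi\b"), "web-attack", 4),
    Rule("FP-003", "fw", re.compile(r"\bDENY\b.*\bdport=445\b"), "smb-probe", 3),
]


def parse_syslog(lines):
    """S1: preprocess raw syslog lines into dicts with a common schema."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                              # drop lines that do not fit the schema
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev.update(KV_RE.findall(ev["msg"]))       # src=, dst=, dport= ... become fields
        events.append(ev)
    return events


def match_fingerprints(events, rules=FINGERPRINTS):
    """S3a: link each event to the fingerprints it matches; return (hits, unmatched)."""
    hits, unmatched = [], []
    for ev in events:
        matched = [r for r in rules if r.source == ev["source"] and r.pattern.search(ev["msg"])]
        if matched:
            hits.extend((ev, r) for r in matched)
        else:
            unmatched.append(ev)
    return hits, unmatched


def build_alarm_library(hits, window=timedelta(minutes=5)):
    """S3b: merge hits with the same source address and category that fall within
    `window` of each other into one alarm event (window is a constructed value)."""
    alarms = []
    for ev, rule in sorted(hits, key=lambda h: h[0]["ts"]):
        key = (ev.get("src", "?"), rule.category)
        alarm = next((a for a in reversed(alarms)
                      if (a.src, a.category) == key and ev["ts"] - a.last_seen <= window), None)
        if alarm is None:
            alarm = Alarm(key[0], rule.category, ev["ts"], ev["ts"], rule.severity)
            alarms.append(alarm)
        alarm.last_seen = max(alarm.last_seen, ev["ts"])
        alarm.severity = max(alarm.severity, rule.severity)
        alarm.count += 1
        alarm.rule_ids.add(rule.rule_id)
        alarm.sources.add(ev["source"])
    return alarms


def respond(alarm):
    """S4: pick a response from the merged alarm; thresholds are constructed."""
    if alarm.severity >= 4 or (alarm.count >= 2 and len(alarm.sources) >= 2):
        return "block-and-investigate"
    if alarm.count >= 2:
        return "ticket"
    return "monitor"


def unmatched_frequency(unmatched):
    """Frequency of unmatched (source, first word) pairs: a simplistic stand-in for the
    statistics step that flags candidates for new fingerprints."""
    return Counter((ev["source"], ev["msg"].split()[0]) for ev in unmatched)


def analyse(lines):
    """Run S1..S4 over raw lines; returns ({(src, category): (count, severity, action)}, Counter)."""
    events = parse_syslog(lines)
    hits, unmatched = match_fingerprints(events)
    alarms = build_alarm_library(hits)
    summary = {(a.src, a.category): (a.count, a.severity, respond(a)) for a in alarms}
    return summary, unmatched_frequency(unmatched)


if __name__ == "__main__":
    summary, candidates = analyse(SAMPLE_SYSLOG)
    for key, val in summary.items():
        print(key, val)
    print("unmatched:", dict(candidates))
```

Responding from the merged alarm is the point of the S3 merge step: two firewall denies to port 445 from one address become a single "smb-probe" alarm with a count, while the WAF hits carry their own higher severity. The ALLOW line matches nothing and only appears in the unmatched frequency table, which is where a library maintainer would look for fingerprints still missing.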

Description

Technical field

[0001] The invention relates to the field of network security event analysis, and more particularly to a network attack event analysis method and device associated with alarm logs.

Background technique

[0002] With the continuous improvement of the company's informatization construction, a huge information network has been formed within the company. A variety of malicious codes (botnets, Trojan horses, ransomware, etc.) that are more harmful on the Internet are also constantly threatening the information network, and malicious code may be lurking in many hosts and terminal devices. If not resolved in time, these malicious code problems will bring adverse consequences to the company's informatization construction, such as leakage of company personnel information, leakage of company internal confidential documents, and so on.

[0003] Due to the large number of hosts and terminal devices in the entire network, the wide distribution ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L12/24
CPC: H04L41/069, H04L63/0236, H04L63/0263, H04L63/1425, H04L63/1433, H04L63/145
Inventor: 方圆李明蒋明俞骏豪张亮蔡梦臣盛剑桥宫帅管建超孙强马永吴跃程航曹弯弯许畅姚振郭洋
Owner: STATE GRID ANHUI ELECTRIC POWER