
A network attack event analysis method and device associated with alarm logs

A network attack event analysis method, applied in the field of network security incident analysis, addresses problems such as the leakage of a company's internal confidential documents and of company personnel information, enabling timely handling of incidents and improving detection efficiency.

Active Publication Date: 2021-11-05
STATE GRID ANHUI ELECTRIC POWER CO LTD +1

AI Technical Summary

Problems solved by technology

A variety of highly harmful malicious code on the Internet (botnets, Trojan horses, ransomware, etc.) constantly threatens the information network, and malicious code may also lurk in the various hosts and terminal devices. If it is not dealt with in time, these malicious code problems bring adverse consequences to the company's informatization construction, such as leakage of company personnel information and leakage of the company's internal confidential documents.



Examples


Embodiment 1

[0089] Figure 1 is the flow block diagram of the network attack event analysis method associated with alarm logs provided by the first embodiment of the present invention. As shown in Figure 1, in this embodiment the alarm log associated network attack event analysis method includes:

[0090] S1, obtaining the original log file and preprocessing the original file;

[0091] Obtaining the original log file includes:

[0092] 1) Capturing network traffic information in the information network through port mirroring on the core switch and generating a PCAP file (PCAP being the packet capture library format);

[0093] 2) Collecting SYSLOG logs from table tube systems, antivirus systems, IDS (intrusion detection systems), WAF (web application firewall), firewalls, the attack traceability system, vulnerability scanning equipment, etc.

[0094] Preprocessing the original file includes:

[0095] Applying a big data platform for pre-p...

Embodiment 2

[0130] Figure 2 is the structure of the network attack event analysis device associated with alarm logs provided by the second embodiment of the present invention. As shown in Figure 2, the analysis device for the alarm log associated network attack event analysis method includes:

[0131] A preprocessing module, used to obtain the original file and preprocess the original file;

[0132] An attack rule fingerprint setup module, used to perform abnormality judgment analysis on the preprocessed original file, to establish an attack rule fingerprint library based on the judgment analysis results, and then to improve and update the attack rule fingerprint library;

[0133] An association module, used to associate the attack rule fingerprint library with the events in the alarm log, and to summarize and merge the associated events to form an alarm event library;

[0134] A response and processing module, used for event response and processing in accordance with the alarm event library.

[0135] Further, acquiring the original file in t...


Abstract

The present invention relates to a method for analyzing network attack events associated with alarm logs, comprising: S1, obtaining the original log file and preprocessing the original file; S2, performing abnormality judgment analysis on the preprocessed original file, building an attack rule fingerprint library according to the judgment analysis results, and then gradually improving the attack rule fingerprint library; S3, associating the attack rule fingerprint library with the events in the alarm log, then summarizing and merging the associated events to form an alarm event library; S4, using the alarm event library for event response and processing. The invention also discloses a network attack event analysis device associated with alarm logs. The invention can build an attack rule fingerprint database and at the same time continuously improve it through the systematization of feature attributes, probability statistics methods, dynamic tracking methods, etc., so as to ensure a timely response to different network attack events.
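As an added example (not the patent's own code), the following Python sketch shows steps S1 and S3 of the method described above over constructed syslog-style alarm lines: each line is preprocessed into fields, associated with a small hypothetical attack rule fingerprint library, and the associated events are summarized and merged into an alarm event library keyed by source address and fingerprint within a time window. The log lines, fingerprint names and the 600-second merge window are assumptions made for the example.

```python
import re
from datetime import datetime
# Constructed sample IDS/WAF/firewall alarm lines in a simplified key=value syslog layout (not from the patent).
ALARM_LOG = """\
2021-11-05T10:00:01 ids src=10.1.2.3 dst=10.1.9.9 sig=ET_SCAN_NMAP_SYN msg="SYN scan"
2021-11-05T10:00:04 ids src=10.1.2.3 dst=10.1.9.10 sig=ET_SCAN_NMAP_SYN msg="SYN scan"
2021-11-05T10:00:30 waf src=10.1.2.3 dst=10.1.9.10 rule=942100 msg="SQL injection attempt"
2021-11-05T10:05:00 fw src=10.1.7.7 dst=10.1.9.9 action=deny port=445
2021-11-05T10:20:00 ids src=10.1.2.3 dst=10.1.9.11 sig=ET_SCAN_NMAP_SYN msg="SYN scan"
"""
# Attack rule fingerprint library (hypothetical): a name plus a pattern matched against the raw line.
FINGERPRINTS = [
    ("port_scan", re.compile(r"sig=ET_SCAN_\w+")),
    ("web_sqli", re.compile(r"rule=942\d{3}")),
]
WINDOW_SECONDS = 600  # hits from one source within this gap are merged into one alarm event

def parse_line(line):
    """S1: preprocess one raw log line into a dict of fields."""
    ts, source, rest = line.split(" ", 2)
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', rest))
    fields.update(ts=datetime.fromisoformat(ts), source=source, raw=line)
    return fields

def match_fingerprint(event):
    """S3: return the first fingerprint whose pattern matches the event, else None."""
    for name, pattern in FINGERPRINTS:
        if pattern.search(event["raw"]):
            return name
    return None

def build_alarm_event_library(log_text):
    """S3: merge associated events into an alarm event library keyed by (src IP, fingerprint)."""
    library, open_events = [], {}  # open_events: (src, fingerprint) -> index into library
    for line in log_text.splitlines():
        event = parse_line(line)
        fp = match_fingerprint(event)
        if fp is None:
            continue  # no fingerprint associated: not an alarm event
        key = (event["src"], fp)
        idx = open_events.get(key)
        if idx is not None and (event["ts"] - library[idx]["last_seen"]).total_seconds() <= WINDOW_SECONDS:
            entry = library[idx]  # within the window: merge into the open event
            entry.update(count=entry["count"] + 1, last_seen=event["ts"])
            entry["targets"].add(event["dst"])
        else:  # first hit, or the window has elapsed: open a new alarm event
            library.append({"src": event["src"], "fingerprint": fp, "count": 1, "first_seen": event["ts"],
                            "last_seen": event["ts"], "targets": {event["dst"]}})
            open_events[key] = len(library) - 1
    return library
```

On the sample lines the two early scan hits from 10.1.2.3 merge into one event while the hit twenty minutes later opens a second one, and the firewall line matches no fingerprint and is skipped.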

Description

Technical field

[0001] The present invention relates to the field of network security event analysis, and more particularly to a network attack event analysis method and apparatus associated with alarm logs.

Background technique

[0002] As the company's informatization construction continues to improve, a huge information network is formed inside the company. A variety of malicious code (botnets, Trojans, ransomware, etc.) constantly threatens the information network and its various hosts and terminal devices, and if it is not dealt with in time, these malicious code problems bring adverse consequences to the company's informatization construction, such as leakage of the company's personnel information and leakage of the company's internal confidential documents.

[0003] Because the hosts and terminal devices across the whole network are numerous, widely distributed, and their users' security awareness is uneven, the seemingly calm information network is full of high-risk hosts and high-risk t...

Claims


Application Information

Patent Type & Authority: Patents (China)
IPC (8): H04L29/06; H04L12/24
CPC: H04L41/069; H04L63/0236; H04L63/0263; H04L63/1425; H04L63/1433; H04L63/145
Inventor 方圆李明蒋明俞骏豪张亮蔡梦臣盛剑桥宫帅管建超孙强马永吴跃程航曹弯弯许畅姚振郭洋
Owner STATE GRID ANHUI ELECTRIC POWER CO LTD