Log ciphertext retrieval method based on alarm association

A log ciphertext retrieval method, applied in the field of alarm log retrieval, that addresses attacks on alarm logs, the difficulty of guaranteeing log integrity and security, and low analysis efficiency, so as to ensure secure storage, improve analysis efficiency, and improve storage security.

Pending Publication Date: 2019-10-22
BEIJING UNIV OF TECH

AI Technical Summary

Problems solved by technology

However, there are two very serious problems in the management and use of alarm logs. First, the alarm log records the attack events in the network and can be used to analyze the intruder's attack intention. It differs from an ordinary data file in that it is more vulnerable to tampering or theft. If it is stored in the same way as ordinary data files, the alarm log is very likely to be attacked, which makes it difficult to guarantee the integrity and security of the log.
Second, because alarm logs are so numerous, a log administrator who wants to know the security problems in the network has to perform security analysis on a massive volume of alarm logs, which contain a large number of false alarms and irrelevant alarms. These low-level alarms do not correspond to actual attack behavior and do not contribute to the log analysis results; they interfere with the correct analysis of the intruder's attack intention and make the analysis inefficient.




Embodiment Construction

[0014] The present invention is described in detail below in conjunction with the specific embodiment shown in the accompanying drawings:

[0015] Figure 1 is a diagram of the log ciphertext retrieval model based on alarm correlation, which includes:

[0016] The log owner module is the owner of the alarm log. Through the client, the log owner extracts the alarm vector from the alarm log, builds the ciphertext index structure from the alarm vector using the index construction algorithm, and extracts the log hash value and the log storage address from the alarm log to form the log metadata. After the whole log collection has been processed, the metadata is packaged together with the ciphertext index structure and uploaded to the blockchain node. The log owner must keep the key for the encrypted log: when a key application is received, the searcher's identity information is verified, and the key is sent only to a log retriever who has completed authentication.
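As an added illustration of the log owner workflow just described (this is not code from the patent or its inventors), the following Python builds the log metadata (log hash plus storage address), a keyed-token ciphertext index over the alarm vector fields, and a hash-chained package ready for upload, together with the integrity checks a retriever can run. SHA-256 for the log hash, HMAC-SHA256 keyword tokens, the owner key, the storage address prefix and the alarm records are all assumptions.

```python
import hashlib, hmac, json

# Constructed sample IDS alarm records (not from the patent).
ALARM_LOGS = [
    {"id": "a1", "src": "10.0.0.5", "dst": "10.0.0.20", "sig": "ssh-bruteforce"},
    {"id": "a2", "src": "10.0.0.5", "dst": "10.0.0.21", "sig": "port-scan"},
    {"id": "a3", "src": "192.168.1.9", "dst": "10.0.0.20", "sig": "http-sqli"},
]
OWNER_KEY = b"constructed-owner-key"  # hypothetical key held only by the log owner
STORE = "store://alarms/"             # hypothetical storage address prefix

def log_hash(record):
    """Log hash value: SHA-256 over the canonical JSON form of one alarm record."""
    canon = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()

def build_metadata(records):
    """Log metadata as in [0016]: storage address -> log hash, one entry per record."""
    return {STORE + r["id"]: log_hash(r) for r in records}

def token(key, keyword):
    """Keyed HMAC token standing in for a plaintext keyword in the index."""
    return hmac.new(key, keyword.encode(), hashlib.sha256).hexdigest()

def build_cipher_index(records, key):
    """Ciphertext index: the uploaded index maps tokens, not source addresses or
    signature names, to record ids, so the node learns nothing about the alarms."""
    index = {}
    for r in records:
        for kw in (r["src"], r["sig"]):
            index.setdefault(token(key, kw), []).append(r["id"])
    return index

def search(index, key, keyword):
    """Only a searcher who received the key after identity verification can
    derive the right token; with any other key the same index returns nothing."""
    return index.get(token(key, keyword), [])

def package_block(metadata, index, prev_hash="0" * 64):
    """Package metadata + index into a hash-chained block for upload to a node."""
    body = json.dumps({"prev": prev_hash, "meta": metadata, "index": index}, sort_keys=True)
    return {"body": body, "hash": hashlib.sha256(body.encode()).hexdigest()}

def verify_block(block):
    """Tamper check on the packaged block itself."""
    return hashlib.sha256(block["body"].encode()).hexdigest() == block["hash"]

def verify_record(record, metadata):
    """Integrity check: a retrieved record must match the hash anchored on-chain."""
    return metadata.get(STORE + record["id"]) == log_hash(record)
```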

[0017] ...


Abstract

The invention discloses a log ciphertext retrieval method based on alarm association. A distributed storage structure based on a blockchain is constructed, so that the security of the alarm log is ensured; a function for calculating the threat degree of the source address is defined; clustering and index construction are carried out on the alarm logs according to the calculated threat degree; the index construction method based on alarm association is designed, the alarm logs belonging to the same attack process are extracted by performing correlation analysis on the alarm logs, the security index is constructed, effective retrieval is performed, the alarm logs with attack intention are acquired, and the analysis efficiency of the alarm logs can be improved. The designed method comprises a log owner module, a distributed log storage module and a log searcher module, and has the advantages of high storage safety, high log search efficiency and the like.

Description

Technical field

[0001] The invention applies to the field of alarm log retrieval and is a log ciphertext retrieval method that can ensure log security and improve the efficiency of follow-up analysis.

Background technique

[0002] With the rapid development of information technology, network intrusion attack methods are becoming more numerous, and the role of network protection systems is becoming more apparent. An intrusion detection system (IDS) is responsible for real-time monitoring of the overall operating status of the network and its systems. By discovering and recording various attack behaviors, it keeps the network system operating normally and increases the security and integrity of the network protection system. By using the IDS alarm log to record the detected attack behavior, security loopholes in the network environment can be found in time through log analysis, and the protection system in the network device can be ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F16/13, G06F16/18, G06F16/182, G06F21/60
CPC: G06F16/1815, G06F16/1824, G06F16/13, G06F21/602
Inventors: 秦华, 黄菊, 刘静, 赖英旭
Owner: BEIJING UNIV OF TECH