Network system event tracing method and system based on log and flow collection

A traffic collection and network system technology, applied in transmission systems, electrical components, etc., that solves the problem of being unable to restore the attack path and improves accuracy.

Inactive Publication Date: 2019-10-29
浙江高信技术股份有限公司

AI Technical Summary

Problems solved by technology

[0006] Based on this situation, the purpose of the present invention is to provide a network system event source tracing method and system based on log and tra...


Embodiment Construction

[0042] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings in the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. The drawings are not necessarily drawn to scale; some functions may be exaggerated or minimized to show details of specific components. Therefore, the specific structural and functional details disclosed herein should not be construed as limiting, but merely as a representative basis for teaching those skilled in the art to use the present invention in various ways. As those of ordinary skill in the art will understand, various features shown and described with reference to any one drawing can be combined with features shown in one or more other drawings to produce embodiments that are not explicitly shown or described. Based on the embodiments of the present invention...


Abstract

The invention relates to information security technology. It provides a network system event traceability method and system based on log and flow collection. The method comprises the steps of: obtaining network access and network exit flow data of all network security equipment in a flow mirroring mode at a core switch through a distributed log collection method, and storing the flow data in a flow database of each collection instance; adopting a centralized log collection method to collect logs generated by each network security device; filtering and processing the collected logs, and storing them in a log database; extracting the IP and occurrence time identified in the log, and retrieving from the flow database all flow data of that IP at the event occurrence time point and within a period of time after it; and aggregating the data for presentation. According to the embodiment of the invention, the problems that the source is difficult to trace and the attack means cannot be analyzed after an attack event occurs are solved, and a specific attack path and attack target can be displayed for the corresponding event.
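The retrieval and aggregation steps of the abstract, sketched as an added example (not code from the patent or its applicant). The record layouts, collector names, sample rows and the five-minute window are assumptions made for illustration; the abstract only specifies "a period of time" after the event.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (documentation IP ranges, not real traffic).
# One flow store per collection instance fed by the core-switch mirror port.
# Row layout (assumed): (timestamp, src_ip, dst_ip, dst_port, bytes)
FLOW_DBS = {
    "collector-a": [
        ("2024-01-15T09:30:00", "203.0.113.7", "192.0.2.10", 80, 300),     # before event
        ("2024-01-15T10:00:05", "203.0.113.7", "192.0.2.10", 443, 5200),
        ("2024-01-15T10:00:40", "192.0.2.10", "192.0.2.20", 3306, 88000),  # other IPs
    ],
    "collector-b": [
        ("2024-01-15T10:01:00", "198.51.100.9", "192.0.2.10", 443, 900),   # other IP
        ("2024-01-15T10:02:10", "203.0.113.7", "192.0.2.11", 22, 1400),
        ("2024-01-15T10:09:00", "203.0.113.7", "192.0.2.11", 22, 700),     # after window
    ],
}
# Filtered security-device logs after centralized collection (constructed).
LOG_DB = [{"device": "waf-1", "time": "2024-01-15T10:00:00",
           "ip": "203.0.113.7", "event": "sql-injection"}]


def trace_event(log_entry, flow_dbs, window=timedelta(minutes=5)):
    """Retrieve flows of the logged IP from event time to event time + window."""
    ip = log_entry["ip"]
    start = datetime.fromisoformat(log_entry["time"])
    end = start + window  # window length is an assumed parameter
    hits = []
    for collector, rows in flow_dbs.items():       # query every collection instance
        for ts, src, dst, port, nbytes in rows:
            t = datetime.fromisoformat(ts)
            if start <= t <= end and ip in (src, dst):
                hits.append((t, collector, src, dst, port, nbytes))
    hits.sort()                                     # chronological order = path order
    targets = defaultdict(lambda: {"ports": set(), "bytes": 0})
    for _t, _c, src, dst, port, nbytes in hits:
        peer = dst if src == ip else src            # the other end of the flow
        targets[peer]["ports"].add(port)
        targets[peer]["bytes"] += nbytes
    return {"event": log_entry["event"], "source_ip": ip,
            "path": [(t.isoformat(), c, s, d, p) for t, c, s, d, p, _ in hits],
            "targets": dict(targets)}


if __name__ == "__main__":
    for entry in LOG_DB:
        report = trace_event(entry, FLOW_DBS)
        for hop in report["path"]:
            print(hop)
        print(report["targets"])
```

Because the query is keyed on the logged IP alone, the constructed 192.0.2.10 to 192.0.2.20 flow is not returned; the window length controls how much later activity of that IP is included.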

Description

[0001] This application relates to the technical field of network and information security, and in particular to a method and system for network system event traceability based on log and traffic collection.

[0002] Technical background

[0003] The development of the Internet allows any individual or organization to connect to the network anywhere, and ensuring network security and service continuity has always been the primary goal of service providers. However, systems that are connected to the outside world inevitably face the possibility of an attack. When a network security incident occurs, in addition to relying on security equipment to defend against the attack, we also want to know how malicious attacks affect the server, what the specific malicious attack methods are, and where we should start in order to prevent the recurrence of a similar event in the future. Relying on the logs of network security devices, we can understand the classification of mal...


Application Information

IPC(8): H04L29/06
CPC: H04L63/1425, H04L63/1441
Inventor: 王俊健, 冯诚波
Owner: 浙江高信技术股份有限公司