Alarm information processing method and device

An alarm information processing method and device, applied in the field of alarm information processing, that addresses problems such as the inability to locate network threat events and shortens the response cycle.

Active Publication Date: 2019-12-03
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0003] The embodiment of the present application provides a method and device for processing alarm information, which is used to solve the problem that in the prior art, when a large amount of alarm information is generat



Examples


Embodiment Construction

[0042] In the existing technology, the large number of detection devices and the large volume of detection data produce a large amount of alarm information, and network security operation and maintenance personnel and security researchers cannot quickly locate real network threat events within it. The embodiments of the present application provide the following solutions.

[0043] In order to solve the above problems in the embodiments of the present invention, the general idea is as follows:

[0044] First, extract the alarm type, source IP address and destination IP address of each generated alarm. Then combine the alarm type and source IP address into an information pair, which identifies the threat source. Next, determine the alarm type rating value by table lookup, and use preset rules to determine the threat source rating value and the IP address information rating ...


Abstract

The invention discloses an alarm information processing method and device. The method comprises the steps of extracting an alarm type, a source IP address and a destination IP address of to-be-rated alarm information; in a preset time period, obtaining an alarm type rating value reflecting the occurrence frequency of the alarm type, a threat source rating value reflecting whether a threat source of the alarm information appears for the first time or not, and an IP address information rating value reflecting the associated threat degree of the IP address information; and performing weighted summation based on the alarm type rating value, the threat source rating value and the IP address information rating value to determine an alarm information threat level representing the alarm information threat degree, and sorting the alarm information based on the alarm information threat level. By applying the scheme provided by the invention, the threat event response speed can be increased.
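The rating pipeline in the abstract, as an added example that is not taken from the patent: three per-alarm ratings over one time window, a weighted sum, and a sort by threat level. The weights, the rating formulas (inverse frequency for the alarm type computed from the window rather than looked up in a table, 1/0 for first appearance of a threat source, share of alarm types tied to an IP) and the sample alarms are all assumptions, since the page does not give them.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Alarm:
    alarm_type: str
    src_ip: str
    dst_ip: str

# Assumed weights for the weighted sum; the page does not give values.
W_TYPE, W_SOURCE, W_IP = 0.4, 0.3, 0.3

def rate_alarms(window):
    """Score every alarm in one preset time window, highest threat first."""
    type_freq = Counter(a.alarm_type for a in window)
    # Distinct alarm types seen per IP, used as the "associated threat degree".
    types_per_ip = {}
    for a in window:
        for ip in (a.src_ip, a.dst_ip):
            types_per_ip.setdefault(ip, set()).add(a.alarm_type)
    n_types = len(type_freq)
    seen_sources, scored = set(), []
    for a in window:
        # Alarm type rating: assumed inverse frequency, so rare types rate higher.
        type_rating = 1.0 - type_freq[a.alarm_type] / len(window)
        # Threat source = (alarm type, source IP) pair; first appearance rates 1.
        source = (a.alarm_type, a.src_ip)
        source_rating = 0.0 if source in seen_sources else 1.0
        seen_sources.add(source)
        # IP rating: share of the window's alarm types tied to either endpoint.
        ip_types = types_per_ip[a.src_ip] | types_per_ip[a.dst_ip]
        ip_rating = len(ip_types) / n_types
        level = W_TYPE * type_rating + W_SOURCE * source_rating + W_IP * ip_rating
        scored.append((round(level, 3), a))
    # Stable sort keeps arrival order among alarms with equal threat level.
    return sorted(scored, key=lambda s: s[0], reverse=True)

# Constructed sample window (documentation-range addresses, invented type names).
SAMPLE = [
    Alarm("port_scan", "198.51.100.7", "192.0.2.10"),
    Alarm("port_scan", "198.51.100.7", "192.0.2.11"),
    Alarm("port_scan", "198.51.100.7", "192.0.2.12"),
    Alarm("sql_injection", "203.0.113.5", "192.0.2.10"),
    Alarm("webshell_upload", "203.0.113.5", "192.0.2.10"),
]

if __name__ == "__main__":
    for level, alarm in rate_alarms(SAMPLE):
        print(level, alarm)
```

In the sample, the repeated port scans from one source fall to the bottom of the queue after their first occurrence, while the two rare alarm types aimed at the host that attracts every alarm type rank first.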

Description

Technical field

[0001] The present application relates to the technical field of network security, and in particular to a method and device for processing alarm information.

Background technique

[0002] As network traffic grows, network attacks are becoming more and more complex. In the existing technology, network security devices such as intrusion detection equipment, firewall equipment, and terminal detection and response equipment are generally used to deal with these increasingly complex attacks. The detection equipment monitors the network and terminals in real time and outputs abnormal situations, such as network attacks, in the form of alarm information, which is provided to the network security operation and maintenance personnel. For different reasons, the security detection equipment generates a large amount of alarm information, but within a limited time, network security operation and maintenance personnel cannot quickly...


Application Information

IPC(8): H04L12/24
CPC: H04L41/0609, H04L41/0627
Inventor: 张润滋, 刘文懋, 刘威歆, 张胜军, 陈磊
Owner NSFOCUS INFORMATION TECHNOLOGY CO LTD