Method and device for processing alarm information

An alarm information processing method and device, applied in the field of alarm information processing, that address problems such as the inability to locate network threat events and achieve the effect of reducing the response cycle.

Active Publication Date: 2022-07-12
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0003] The embodiment of the present application provides a method and device for processing alarm information, which is used to solve the prior-art problem that, when a large amount of alarm information is generated on the network, network security operation and maintenance personnel and security researchers cannot quickly locate real network threat events based on that large amount of alarm information.


Embodiment Construction

[0042] In the prior art, the large number of detection devices and the large amount of detection data generate a large amount of alarm information, and network security operation and maintenance personnel and security researchers cannot quickly locate real network threat events based on it. The embodiments of the present application provide the following solutions to this problem.

[0043] In order to solve the above-mentioned problems in the embodiment of the present invention, the general idea is as follows:

[0044] First, extract the alarm type, source IP address and destination IP address of each generated piece of alarm information. Then combine the alarm type and source IP address into an information pair, that is, determine the threat source. Then determine the alarm type rating value by looking up a table, and use preset rules to determine the threat source rating value and the IP address information rating val...


Abstract

The present application discloses a method and device for processing alarm information. The method includes: extracting the alarm type, source IP address and destination IP address of the alarm information to be rated; obtaining an alarm type rating value reflecting the occurrence frequency of the alarm type within a preset time period, a threat source rating value reflecting whether the threat source of the alarm information appears for the first time, and an IP address information rating value reflecting the threat level associated with the IP address information; computing a weighted sum of the alarm type rating value, the threat source rating value and the IP address information rating value to determine an alarm information threat level representing the threat level of the alarm information; and sorting the alarm information based on the alarm information threat level. By applying the solution provided in this application, the response speed to a threat event can be improved.
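The rating-and-sorting flow in the abstract above, as an added Python sketch that is not code from the patent or from NSFOCUS. The lookup table, the first-seen scores, the per-IP ratings, the weights and the sample alerts are all assumptions constructed for illustration; the page does not give these values.

```python
from collections import Counter

# Constructed sample alerts: (alarm_type, src_ip, dst_ip). Not from the patent.
ALERTS = [
    ("port_scan", "198.51.100.7", "10.0.0.5"),
    ("port_scan", "198.51.100.7", "10.0.0.6"),
    ("port_scan", "198.51.100.7", "10.0.0.9"),
    ("port_scan", "198.51.100.8", "10.0.0.5"),
    ("sql_injection", "203.0.113.4", "10.0.0.20"),
    ("webshell_upload", "203.0.113.9", "10.0.0.20"),
]
# Threat sources (alarm type, source IP) already seen before this window.
KNOWN_SOURCES = {("port_scan", "198.51.100.7"), ("sql_injection", "203.0.113.4")}
# Assumed lookup table: occurrence count in the window -> alarm type rating.
# Rarer types rate higher here; the page only says the value is looked up.
FREQ_TABLE = [(1, 1.0), (3, 0.6), (float("inf"), 0.2)]
# Assumed IP information ratings, keyed by destination asset in this sketch.
IP_RATING = {"10.0.0.20": 1.0, "10.0.0.5": 0.5}
DEFAULT_IP_RATING = 0.2
WEIGHTS = (0.4, 0.3, 0.3)  # assumed weights: type, threat source, IP info


def type_rating(count):
    """Map a per-window occurrence count to a rating via the lookup table."""
    return next(r for limit, r in FREQ_TABLE if count <= limit)


def rank_alerts(alerts, known_sources, weights=WEIGHTS):
    """Return (threat_level, alert) pairs sorted from highest to lowest."""
    counts = Counter(a[0] for a in alerts)
    seen = set(known_sources)
    scored = []
    for alarm_type, src, dst in alerts:
        source = (alarm_type, src)  # the "threat source" information pair
        first_seen = source not in seen
        seen.add(source)
        ratings = (
            type_rating(counts[alarm_type]),
            1.0 if first_seen else 0.3,  # assumed preset rule
            IP_RATING.get(dst, DEFAULT_IP_RATING),
        )
        level = round(sum(w * r for w, r in zip(weights, ratings)), 3)
        scored.append((level, (alarm_type, src, dst)))
    return sorted(scored, key=lambda s: s[0], reverse=True)


if __name__ == "__main__":
    for level, alert in rank_alerts(ALERTS, KNOWN_SOURCES):
        print(f"{level:.3f}  {alert}")
```

With these constructed inputs, the single first-seen alert against the highest-rated asset sorts to the top, while the repeated scans from an already-known source fall to the bottom of the queue.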

Description

Technical field

[0001] The present application relates to the technical field of network security, and in particular, to a method and device for processing alarm information.

Background technique

[0002] As network traffic grows, network attacks are becoming more and more complex. In the prior art, in order to deal with these increasingly complex network attacks, network security devices such as intrusion detection equipment, firewall equipment, and terminal detection and response equipment are generally used. The detection device monitors the network, terminals, etc. in real time, and outputs abnormal conditions such as network attacks in the form of alarm information, which is provided to the network security operation and maintenance personnel. For various reasons, security detection equipment generates a large amount of alarm information, and network security operation and maintenance personnel cannot quickly locate real network threat events fro...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L41/0604
CPC: H04L41/0609, H04L41/0627
Inventor: 张润滋, 刘文懋, 刘威歆, 张胜军, 陈磊
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD