Cloud security event real-time detection system and method based on machine learning

A technology combining security event detection and machine learning, applied in the field of cross-cloud resource sharing. It addresses problems such as attack methods that are easy to hide and attack types that cannot be detected, with the effect of improving analysis accuracy, facilitating log analysis, and improving system analysis efficiency.

Active Publication Date: 2020-03-24
SUN YAT SEN UNIV

AI Technical Summary

Problems solved by technology

[0004] The following problems exist in log analysis for cloud computing environments:

(1). There are various attack modes in the cloud environment, and the attack methods are easy to hide. The rule-based log analysis systems in common use today cannot detect unknown and new attack types.

(2). There are many instances in the cloud environment, and the generated log data is large in volume and diverse in category, with a characteristic value density. Analyzing cloud logs effectively in real time is a challenging task.

Examples

Embodiment 1

[0047] This embodiment provides a real-time detection system for cloud security events based on machine learning, including a log collection module, a log analysis module, an audit storage module and a front-end management module;

[0048] The log collection module collects logs in all cloud platforms through a log collection engine, and after log preprocessing, sends all logs to the log analysis module for unified analysis;

[0049] The log analysis module analyzes the received log data, and generates a log analysis result;

[0050] The audit storage module stores logs with large amounts of data in the distributed file system, and stores log analysis results with small amounts of data and important logs in the database;

[0051] The front-end management module displays system operation status and security events that occur.

Embodiment 2

[0053] This embodiment provides a method for real-time detection of cloud security events based on machine learning, including the following steps:

[0054] S1. The log collection module sends all logs to the log analysis module for unified analysis;

[0055] S2. The log analysis module analyzes the received log data and generates a log analysis result;

[0056] S3. The audit storage module stores logs with a large amount of data in the distributed file system, and stores log analysis results with small amounts of data and important logs in the database;

[0057] S4. The front-end management module displays system operation status and security events that occur.

[0058] There are many types of log files in the cloud environment, so the first step is to determine which log files to collect. The log files collected by this method include instance logs, physical machine logs, system logs, audit logs, and cloud platform logs, and these logs are sent to a unified log analysis module. The log collec...

Abstract

The invention provides a machine-learning-based method for real-time detection of cloud security events. Building on rule-based log analysis, it provides a log analysis method that combines rules with machine learning, so that security events can be discovered according to the corresponding rules and unknown security events can also be detected. The method analyzes cloud logs with Spark, which achieves real-time analysis and is easy to extend, and it improves system analysis efficiency and accuracy in several ways: adding information to the head of the log improves log filtering and analysis efficiency; transforming the log into a unified format facilitates log analysis; storing different types of information in different ways improves storage efficiency; and a sliding window improves analysis accuracy. The method is also suitable for a cloud environment and can detect malicious behaviors of cloud tenants.
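An added illustration of the pipeline the abstract describes (not code from the patent): heterogeneous logs are normalized into a unified record with a header, checked against rules, and then scored over a sliding window. The field names, the single rule, and the mean-plus-k-sigma baseline standing in for the unspecified machine-learning model are all assumptions, and the sample logs are constructed.

```python
import re
from collections import defaultdict, deque
from statistics import mean, pstdev

FIELD = re.compile(r"(\w+)=(\S+)")
# Hypothetical rule set: rule name -> predicate over a unified record.
RULES = {"admin_login_failure": lambda r: r.get("action") == "login"
         and r.get("user") == "admin" and r.get("result") == "fail"}

def normalize(source, line):
    """Unified format: header fields (src, tenant, ts) ahead of the parsed body."""
    body = dict(FIELD.findall(line))
    head = {"src": source, "tenant": body.pop("tenant", "-"),
            "ts": int(body.pop("t", 0))}
    return {**head, **body}

def detect(records, bucket=10, window=5, k=3.0):
    """Return (rule_hits, anomalies); anomalies are (tenant, bucket_start, count)."""
    rule_hits, counts = [], defaultdict(lambda: defaultdict(int))
    for r in records:
        rule_hits += [(name, r["tenant"], r["ts"])
                      for name, pred in RULES.items() if pred(r)]
        # Only header fields are needed to filter and bucket the record.
        counts[r["tenant"]][r["ts"] // bucket] += 1
    anomalies = []
    for tenant, per_bucket in counts.items():
        hist = deque(maxlen=window)  # sliding window of recent bucket counts
        for b in range(min(per_bucket), max(per_bucket) + 1):
            n = per_bucket.get(b, 0)
            # Stand-in for the ML stage: flag counts far above the window baseline.
            if len(hist) == window and n > mean(hist) + k * max(pstdev(hist), 1.0):
                anomalies.append((tenant, b * bucket, n))
            else:
                hist.append(n)  # only unflagged buckets update the baseline
    return rule_hits, anomalies

def sample_logs():
    """Constructed input: tenant a bursts in the bucket starting at t=60."""
    logs = [("cloud_platform", f"t={t} tenant={x} action=api_call result=ok")
            for x in "ab" for t in range(0, 70, 4)]
    logs += [("cloud_platform", f"t={60 + i % 10} tenant=a action=api_call result=ok")
             for i in range(30)]
    logs.append(("audit", "t=33 tenant=b action=login user=admin result=fail"))
    return logs

if __name__ == "__main__":
    hits, odd = detect([normalize(s, l) for s, l in sample_logs()])
    print("rule hits:", hits)
    print("window anomalies:", odd)
```

The rule stage catches the known pattern for tenant b, while the window stage flags tenant a's burst even though no rule describes it.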

Description

Technical field

[0001] The present invention relates to the field of cross-cloud resource sharing, and more specifically, to a system and method for real-time detection and analysis of cloud security events based on machine learning.

Background technique

[0002] Cloud computing integrates various hardware and software resources on the Internet through technologies such as virtualization and distribution to provide users with effective services. Cloud computing has good prospects for development, but security issues are the main obstacle hindering it. The characteristics of cloud computing, such as multi-tenancy and convenient access, cause it to face more serious security problems, such as:

(1). Threats from within the cloud service provider. For example, there are malicious cloud platform administrators who use their own authority to invade the accounts of cloud tenants, resulting in the theft of user privacy.

(2). From externa...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, H04L29/06, H04L29/08
CPC: H04L41/145, H04L41/069, H04L63/0245, H04L63/1425, H04L67/1097
Inventor: 金舒原, 陈浩
Owner: SUN YAT SEN UNIV