A real-time detection system and method for cloud security incidents based on machine learning

A security event detection and machine learning technology, applied in the field of cross-cloud resource sharing, that addresses problems such as undetectable attack types and easily hidden attack methods. Its effects are to facilitate log analysis and to improve system analysis efficiency, analysis accuracy, and storage efficiency.

Active Publication Date: 2022-03-25
SUN YAT SEN UNIV

AI Technical Summary

Problems solved by technology

[0004] The following problems exist in log analysis for cloud computing environments:
(1) There are various attack modes in the cloud environment, and attack methods are easy to hide. The rule-based log analysis systems in common use today cannot detect unknown and new attack types.
(2) There are many instances in the cloud environment, the volume of generated log data is large, the categories are diverse, and the value density is characterized. How to analyze cloud logs effectively in real time is a challenging task.

Examples


Embodiment 1

[0047] This embodiment provides a real-time detection system for cloud security events based on machine learning, including a log collection module, a log analysis module, an audit storage module and a front-end management module;

[0048] The log collection module collects logs in all cloud platforms through a log collection engine, and after log preprocessing, sends all logs to the log analysis module for unified analysis;

[0049] The log analysis module analyzes the received log data, and generates a log analysis result;

[0050] The audit storage module stores logs with large amounts of data in the distributed file system, and stores log analysis results with small amounts of data and important logs in the database;

[0051] The front-end management module displays system operation status and security events that occur.

Embodiment 2

[0053] This embodiment provides a method for real-time detection of cloud security events based on machine learning, including the following steps:

[0054] S1. The log collection module sends all logs to the log analysis module for unified analysis;

[0055] S2. The log analysis module analyzes the received log data and generates a log analysis result;

[0056] S3. The audit storage module stores logs with a large amount of data in the distributed file system, and stores log analysis results with small amounts of data and important logs in the database;

[0057] S4. The front-end management module displays system operation status and security events that occur.

[0058] There are many types of log files in the cloud environment, so the first step is to determine which log files to collect. The log files collected by this method include instance logs, physical machine logs, system logs, audit logs, and cloud platform logs, all of which are sent to a unified log analysis module. The log collec...


Abstract

The present invention provides a real-time detection method for cloud security events based on machine learning. First, building on the rule-based log analysis method, it proposes a log analysis method that combines rules and machine learning, which can not only discover security events according to the corresponding rules but also detect unknown security events. Second, it uses Spark to analyze cloud logs, which achieves real-time analysis and makes expansion easy, and it improves analysis efficiency and accuracy in several ways: adding information to the log header improves log filtering and analysis efficiency, parsing logs into a unified format facilitates log analysis, storing different types of information in different ways improves storage efficiency, and sliding windows improve the accuracy of analysis. Third, it is suitable for cloud environments and can detect malicious behaviors of cloud tenants.
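The flow described in the abstract and in steps S1 to S4, as an added example that is not from the patent or its authors: header-tagged lines are parsed into a unified record, then a rule check and a sliding-window volume check run per tenant. The header layout, the `auth_failure` rule, the thresholds and the z-score test (standing in for the machine-learning model, which the page does not specify) are assumptions, the sample lines are constructed, and it runs in plain Python rather than Spark.

```python
import re
from collections import Counter, deque
from statistics import mean, pstdev

# Assumed header layout (not from the patent): "<epoch> <source> <tenant> | <message>"
HEADER = re.compile(r"^(\d+) (\w+) (\S+) \| (.*)$")
RULES = {"auth_failure": re.compile(r"authentication failed", re.I)}  # hypothetical rule

def parse(line):
    """Parse a header-tagged line into the unified record, or None if malformed."""
    m = HEADER.match(line)
    if not m:
        return None
    ts, source, tenant, msg = m.groups()
    return {"ts": int(ts), "source": source, "tenant": tenant, "msg": msg}

def detect(lines, window=60, history=5, z_limit=3.0, rule_limit=3):
    """Return (window_start, tenant, kind) alerts from the rule and volume checks."""
    buckets = {}  # (tenant, window_start) -> per-window counters
    for rec in filter(None, map(parse, lines)):
        c = buckets.setdefault((rec["tenant"], rec["ts"] // window * window), Counter())
        c["total"] += 1
        for name, rx in RULES.items():
            if rx.search(rec["msg"]):
                c[name] += 1
    alerts, past = [], {}
    for (tenant, start), c in sorted(buckets.items(), key=lambda kv: kv[0][1]):
        for name in RULES:  # known patterns: fixed threshold per window
            if c[name] >= rule_limit:
                alerts.append((start, tenant, "rule:" + name))
        # Unknown patterns: compare this window with the tenant's last `history` windows.
        hist = past.setdefault(tenant, deque(maxlen=history))
        if len(hist) == history:
            mu, sigma = mean(hist), pstdev(hist) or 1.0
            if (c["total"] - mu) / sigma > z_limit:
                alerts.append((start, tenant, "anomaly:volume"))
        hist.append(c["total"])
    return alerts

def sample():
    """Constructed input: steady tenant-a traffic, a burst, and tenant-b login failures."""
    lines = [f"{w * 60 + i} instance tenant-a | GET /status 200"
             for w in range(5) for i in range(4)]
    lines += [f"{300 + i} instance tenant-a | GET /export 200" for i in range(40)]
    lines += [f"{310 + i} audit tenant-b | authentication failed for admin" for i in range(3)]
    lines.append("corrupted line without header")
    return lines
```

Calling `detect(sample())` flags the tenant-a burst through the sliding window, even though no rule matches it, and the tenant-b failures through the rule.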

Description

Technical field

[0001] The present invention relates to the field of cross-cloud resource sharing, and more specifically, to a system and method for real-time detection of cloud security events based on machine learning.

Background technique

[0002] Cloud computing integrates various hardware and software resources on the Internet through technologies such as virtualization and distribution to provide users with effective services. Cloud computing has good prospects for development, but security issues are the main obstacles hindering its development. The characteristics of cloud computing, such as multi-tenancy and convenient access, cause it to face more serious security problems, such as (1) threats from within the cloud service provider. For example, there are malicious cloud platform administrators who use their own authority to invade the accounts of cloud tenants, resulting in the theft of user privacy. (2). From externa...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L41/14, H04L41/069, H04L9/40, H04L67/1097
CPC: H04L41/145, H04L41/069, H04L63/0245, H04L63/1425, H04L67/1097
Inventor: 金舒原, 陈浩
Owner: SUN YAT SEN UNIV