A confidence-based network security alarm processing method

A network security alarm processing method, applied in the field of network security, that addresses problems such as useless alarms and achieves the effect of reducing data volume and speeding up

Active Publication Date: 2021-05-14
UNIV OF ELECTRONICS SCI & TECH OF CHINA

AI Technical Summary

Problems solved by technology

Therefore, the network security device will also generate a large number of useless alarms


Examples


Embodiment 1

[0042] A confidence-based network security alarm processing method, characterized in that the confidence level of a network security alarm is obtained through machine learning. First, machine learning algorithms are used to build machine learning models; the algorithms used include but are not limited to LSTM and CNN. Attack requests and normal requests collected from the network are then used to train the model, to obtain a model with a better classification effect. The built models are all regression models. The original request that triggered the alarm is input into the machine learning model for recognition and evaluation. The model scores the raw data of a single alarm to determine whether it is an attack, the type of attack, and the probability of an attack. The probability score output by the model is the confidence level of the alarm. According to the accuracy of the model, the alarms are graded, and the alarms are divided into ...


Abstract

The invention proposes a method for processing network security alarms based on confidence, which includes three steps of acquiring confidence, grading and eliminating alarms, and aggregating alarms. The step of obtaining the confidence degree adopts a machine learning method, and obtains the confidence degree of the original alarm through the machine learning model. Then use the confidence level to remove and classify the original alarms. After the grading is completed, the alarms confirmed as attacks are first aggregated to obtain high-level alarms. If the obtained high-level alarms are not enough to meet the analysis requirements, alarm aggregation is performed on highly suspected alarms to obtain more high-level alarms.
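The grading and aggregation steps described in the abstract can be sketched as follows. This is an added example, not code from the patent: the two thresholds, the (source, attack type) grouping key, the 300-second window, the `min_high_level` parameter and the sample alarms are all assumptions, and the `confidence` field stands in for the score output by the trained model.

```python
from dataclasses import dataclass

# Assumed cut-offs; the page grades by confidence but its values are not shown.
CONFIRMED, SUSPECTED = 0.90, 0.60

@dataclass(frozen=True)
class Alarm:
    ts: int            # alarm time, seconds
    src: str           # source address of the triggering request
    attack_type: str   # attack type predicted by the model
    confidence: float  # probability score output by the model

def grade(alarms):
    """Grading and elimination: alarms below SUSPECTED are dropped."""
    confirmed = [a for a in alarms if a.confidence >= CONFIRMED]
    suspected = [a for a in alarms if SUSPECTED <= a.confidence < CONFIRMED]
    return confirmed, suspected

def aggregate(alarms, label, window=300):
    """Merge alarms sharing (src, attack_type) with gaps <= window seconds.
    The grouping key and window are assumptions of this example."""
    merged, latest = [], {}
    for a in sorted(alarms, key=lambda a: a.ts):
        key = (a.src, a.attack_type)
        g = latest.get(key)
        if g is None or a.ts - g["last"] > window:
            g = {"grade": label, "src": a.src, "attack_type": a.attack_type,
                 "first": a.ts, "last": a.ts, "count": 0, "max_confidence": 0.0}
            latest[key] = g
            merged.append(g)
        g["last"] = a.ts
        g["count"] += 1
        g["max_confidence"] = max(g["max_confidence"], a.confidence)
    return merged

def process(alarms, min_high_level=2):
    """Aggregate confirmed alarms first; add suspected ones only if too few."""
    confirmed, suspected = grade(alarms)
    high = aggregate(confirmed, "confirmed")
    if len(high) < min_high_level:
        high += aggregate(suspected, "suspected")
    return high

# Constructed sample alarms (documentation addresses, made-up scores).
SAMPLE = [
    Alarm(1000, "203.0.113.7", "sqli", 0.97),
    Alarm(1060, "203.0.113.7", "sqli", 0.93),
    Alarm(1100, "198.51.100.4", "xss", 0.72),
    Alarm(1130, "198.51.100.4", "xss", 0.65),
    Alarm(1200, "192.0.2.9", "scan", 0.12),
    Alarm(2000, "203.0.113.7", "sqli", 0.95),
]
```

With the sample data, `process(SAMPLE)` returns two high-level alarms built only from confirmed attacks, while `process(SAMPLE, min_high_level=3)` also aggregates the highly suspected alarms.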

Description

Technical field

[0001] The invention proposes a confidence-based method for processing network security alarms, which is used to eliminate useless and redundant alarms from network security equipment and to improve the analysis efficiency of network security intrusion events. It belongs to the field of network security.

Background technique

[0002] With the rapid development of computer information and communication technology, network security attacks occur from time to time. At this stage, enterprises and institutions basically rely on security devices and the logs generated by security devices for defense and re-analysis of security attack events. False positives and false negatives are common in current network security devices, and there are a large number of bots on the Internet. These bots are often used by criminals as scanners to scan the entire network. Therefore, the network security device also generates a large number of useless alarms.

Contents of the invention

[000...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L12/24, H04L29/06, G06K9/62
CPC: H04L41/0631, H04L41/0604, H04L41/145, H04L63/1408, G06F18/214, G06F18/24
Inventor 张小松牛伟纳巫长勇李婷肖建安邓建
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA